Tenga Says Hacker Accessed Customer Data in Email Breach
Sex toy maker warns of exposed names, emails, and order details after employee account compromise.
Japanese sex toy manufacturer Tenga has notified customers of a data breach.
In an email seen by TechCrunch, the company said an unauthorized party accessed a professional email account belonging to one of its employees.
The breach exposed the contents of the employee’s inbox.
- Compromised asset: employee email account
- Data potentially exposed: names and email addresses
- Possible access to order details and support inquiries
Customer Information Potentially Viewed
According to the notice, the hacker may have accessed customer names, email addresses, and historical correspondence.
That correspondence could include order details or customer service inquiries.
Given the nature of Tenga’s products, such data may contain highly sensitive personal information.
- Purchase histories
- Product inquiries
- Private customer communications
For many customers, exposure of such details carries reputational and privacy risks.
Spam Emails Sent From Compromised Account
The attacker also used the breached account to send spam emails to contacts, including customers.
Tenga warned recipients to remain cautious, especially regarding emails appearing to come from the affected employee.
The company advised customers to change passwords, though it did not state that passwords were accessed.
- Spam distributed via employee inbox
- Customers urged to stay vigilant
- No confirmation of password compromise
Security Measures Taken After the Breach
Tenga said it reset the employee’s credentials following the incident.
It also enabled multi-factor authentication (MFA) “across our systems,” a security control that blocks logins with stolen passwords.
The company did not clarify whether MFA had been enabled on the breached account before the incident.
- Credentials reset
- MFA activated
- Scope of prior protections unclear
Tenga did not respond to requests for additional details, including the number of affected customers.
Scale and Broader Context
Tenga, founded in 2005 and headquartered in Tokyo, says it has shipped more than 162 million products worldwide.
It is unclear whether the breach affected customers outside the United States, though the notification email came from Tenga Store USA.
The company joins a growing list of adult-product brands and platforms targeted by hackers.
Last year, Lovense and Pornhub disclosed security incidents, while SexPanther was breached in 2020.
Is the adult retail sector becoming a soft target due to the sensitive data it holds?
For consumers, the incident underscores a recurring truth: even deeply personal purchases often sit inside ordinary corporate inboxes.
TL;DR: Tenga disclosed a data breach after a hacker accessed an employee’s email account, potentially exposing customer names, email addresses, and order-related correspondence. Spam emails were sent from the account. The company reset credentials and enabled multi-factor authentication but has not disclosed how many customers were affected.
AI summary:
- Employee email account compromised
- Customer names and order details potentially exposed
- Spam emails sent from hacked inbox
- MFA enabled after breach
- Total affected customers unknown
