Sex toy maker Tenga says hacker stole customer information | TechCrunch

Sex toy maker Tenga notified customers of a data breach on Friday, according to an email obtained by TechCrunch.

In the message, the Japanese company states that “an unauthorized party gained access to the professional email account of one of our employees,” giving the hacker access to the contents of the employee’s inbox. This access potentially allowed the hacker to view and steal customer names, email addresses and historical email correspondence, “which could include order information or customer service inquiries.”

The hacker also sent spam emails to the hacked employee’s contacts, including customers, according to the email sent to customers.

Tenga did not respond to a request for comment or to provide more information, such as the total number of affected customers. The company says on its website that it has shipped more than 162 million products worldwide.

Order information and customer service inquiries are likely to contain confidential information that many customers would likely not want to disclose given the nature of the products in question.

The company advised customers to change their passwords, even though it did not say customers’ passwords had been compromised, and to be vigilant for suspicious emails, especially from a specific employee, who appears to be the one whose account was hacked.

Tenga said it took several measures following the breach, including resetting the compromised employee’s credentials and enabling “on our systems” a basic security feature called multi-factor authentication, which prevents access to accounts with stolen passwords. The company did not respond when asked whether the email account was multi-factored prior to this breach.

Tenga was founded in Japan in 2005 and is headquartered in Tokyo. Tenga sells a variety of sex toys, mainly for men. It is unclear whether the breach affected customers outside the United States, as the email explicitly came from Tenga Store USA.

Tenga is the latest in a long list of sex toy makers, such as Lovesense last year, and adult websites, such as Pornhub last year and SexPanther in 2020, to have been hacked.