Sex toys maker Tenga says hacker stole customer information

Sex toy maker Tenga told customers on Friday that it suffered a data breach, according to an email obtained.

In the notification, the Japan-based company said that “an unauthorised party gained access to the professional email account of one of our employees,” giving the intruder access to the contents of that employee’s inbox. The access may have allowed the hacker to view and steal customer names, email addresses, and past email correspondence, “which may include order details or customer service inquiries.”

Tenga also said the attacker sent spam messages from the compromised account to the employee’s contacts, including customers, according to the email.

After the story was published, a Tenga spokesperson said the breach affected “approximately 600 people” in the United States, based on a forensic review. “We have already proactively contacted those who may have been impacted to ensure their safety and provide guidance,” the spokesperson said.

Tenga says on its website that it has shipped more than 162 million products worldwide.

Because of the nature of the products involved, order details and customer service communications could contain intimate information that many customers likely would not want disclosed.

The company advised customers to change their passwords, even though it did not say customer passwords were exposed, and to be cautious about suspicious emails — particularly those that appear to come from a specific employee, who is believed to be the one whose account was compromised.

Tenga said it took several steps after discovering the breach, including resetting the affected employee’s credentials and enabling multi-factor authentication “across our systems,” a basic security measure that helps prevent account access even when passwords are stolen.

The spokesperson declined to say whether multi-factor authentication had been enabled on the employee’s email account before the incident.

Tenga was founded in 2005 in Japan and is headquartered in Tokyo. The company sells a range of sex toys, primarily for men. It remains unclear whether customers outside the United States were affected, as Tenga Store USA sent the email notice.

Tenga is the latest example in a growing list of sex toy manufacturers — including Lovense last year — and adult websites, such as Pornhub last year and SexPanther in 2020, that have been hacked.