Japanese sex toy giant Tenga confirmed a data breach on Friday after a hacker hijacked an employee’s professional email account, according to an email obtained by a source.
The company revealed that an unauthorized party gained full access to an employee’s inbox, exposing sensitive customer data. This breach allowed the attacker to view and potentially steal customer names, email addresses, and historical correspondence, including specific order details and sensitive customer service inquiries.
According to the notification sent to users, the hacker used the compromised account to blast spam emails to the employee’s entire contact list, including Tenga customers.
Following the initial report, a Tenga spokesperson told TechMarge that a forensic review identified approximately 600 impacted individuals within the United States. The company stated it has already contacted these users to provide safety guidance and ensure their security.
With over 162 million products shipped worldwide, Tenga’s breach raises significant privacy concerns. Given the intimate nature of the products, order histories and support tickets often contain deeply personal information that customers expect to remain private.
While Tenga did not confirm a password leak, it urged customers to update their credentials immediately. The company also warned users to stay vigilant against suspicious emails, particularly those originating from the specific employee whose account was compromised.
In response to the attack, Tenga reset the affected employee’s credentials and finally enabled multi-factor authentication (MFA) across its systems. This basic security layer helps block unauthorized access even if a hacker possesses a valid password. Notably, the spokesperson declined to clarify whether MFA was active on the hijacked account before the breach occurred.
Founded in Tokyo in 2005, Tenga primarily markets adult products for men. While the breach notification came specifically from Tenga Store USA, it remains unclear if the hack affected international customers.
Tenga now joins a growing list of adult-industry victims targeted by hackers. This incident follows high-profile breaches at Lovense and Pornhub last year, as well as the 2020 hack of SexPanther, highlighting a persistent security threat within the sector.
