Sex toys maker Tenga says hacker stole customer information | TechCrunch

Sex toy maker Tenga notified customers of a data breach on Friday, according to an email obtained by TechCrunch.

In the message, the Japanese company said that “an unauthorized party gained access to the professional email account of one of our employees,” which gave the hacker access to the contents of the employee’s inbox. This access potentially allowed the hacker to see and steal customer names, email addresses, and historical email correspondence, “which may include order details or customer service inquiries.”

The hacker also sent spam emails to the hacked employee’s contacts, including customers, according to the email sent to customers.

Tenga did not respond to a request for comment and to provide more information, such as the total number of customers affected. The company says on its website that it has shipped over 162 million products worldwide.

Order details and customer service inquiries are likely to include intimate information that many customers probably wouldn’t want to disclose, given the nature of the products in question.

The company recommended customers to change their passwords, even though it did not say that customers’ passwords were compromised, and to be vigilant of suspicious emails, especially coming from a specific employee, who appears to be the one whose account was breached. 

Tenga said it took several measures after the breach, including resetting the hacked employee’s credentials and enabling “across our systems,” a basic security feature called multi-factor authentication, which prevents access to accounts with stolen passwords. The company did not respond when it was asked if there was no multi-factor on the email account prior to this breach. 

Tenga was founded in 2005 in Japan, and is headquartered in Tokyo. Tenga sells a variety of sex toys, mostly for men. It’s unclear if the breach affected customers outside of the United States, given that the email came explicitly from Tenga Store USA.

Tenga is the latest in a long list of sex toy makers, such as Lovesense last year, and adult websites, such as Pornhub last year and SexPanther in 2020, that have been hacked.