Sex toy maker Tenga says a hacker stole customer information

Sex toy maker Tenga notified customers of a data breach on Friday, according to an email obtained by TechCrunch.

The Japanese company said in the message that “an unauthorized party gained access to the professional email account of one of our employees,” giving the hacker access to the contents of the employee’s inbox. This access potentially allowed the hacker to see and steal customer names, email addresses and historical email correspondence, “which may include order details or customer service inquiries.”

The hacker also sent unsolicited emails to the hacked employee’s contacts, including customers, according to the email sent to the customers.

Tenga did not respond to a request for comment and provide further information, such as the total number of customers affected. The company says on its website that it has shipped more than 162 million products worldwide.

Order details and customer service inquiries are likely to include intimate information that many customers may not wish to disclose, given the nature of the products in question.

The company recommended that customers change their passwords, although it did not mention that customers’ passwords had been compromised, and to be vigilant of suspicious emails, especially coming from a particular employee, who appears to be the one whose account was hacked.

Tenga said it took several actions after the hack, including resetting the compromised employee’s credentials and enabling “across our systems,” a key security feature called multi-factor authentication, which blocks access to accounts with stolen passwords. The company did not respond when asked if there were not multiple factors in the email account prior to this hack.

Tenga was founded in 2005 in Japan and is headquartered in Tokyo. Tenga sells a variety of sex toys, mostly for men. It’s unclear whether the hack affected customers outside the US, since the email explicitly came from Tenga Store USA.

Tenga is the latest in a long list of sex toy makers, such as Lovesense last year, and adult websites, such as Pornhub last year and SexPanther in 2020, to have been hacked.