Japanese adult products manufacturer Tenga's email system was hacked and customers' private information was stolen

Japanese adult products manufacturer Tenga sent a notice to customers on Friday saying it had suffered a data breach. The company said "an unauthorized third party gained access to the business email of one of our employees," allowing hackers to view and steal the contents of the employee's inbox.

According to the notice, the intrusion may have resulted in the theft of customer names, email addresses, and historical email correspondence, "which may include order details or customer service inquiry records." The hackers also used compromised employee accounts to send spam emails to their contacts, which included the company's customers. Considering the special nature of the relevant products, order details and customer service inquiry records are likely to contain a lot of private information that customers do not want to make public.

Tenga did not provide further information, such as the total number of affected customers. The company claims on its website that it has sold more than 162 million products worldwide. Although the company did not say that customer passwords were compromised, it still recommended that customers change their passwords and be wary of suspicious emails, especially those from a specific employee who appears to be the person whose account was compromised.

Tenga said it took several steps after the data breach, including resetting compromised employee login credentials and enabling multi-factor authentication, an essential security feature "across all our systems," that prevents accounts from being accessed using stolen passwords. But the company did not respond when asked whether the email account did not have multi-factor authentication enabled before the breach.

Tenga was founded in 2005 and is headquartered in Tokyo. It mainly sells various adult products, mainly to male users. Since the notification email clearly comes from Tenga Store USA, it's unclear whether the breach affects customers outside the United States. Tenga becomes the latest adult products manufacturer to be hacked. Prior to this, Lovesense suffered a similar incident last year, while Pornhub was also hacked last year and SexPanther was hacked in 2020.