Breach Notification And Initial Disclosure
Sex toy maker Tenga notified customers of a data breach on Friday, according to an email obtained by TechCrunch. In the message, the Japanese company said that “an unauthorized party gained access to the professional email account of one of our employees,” which gave the attacker access to the contents of that employee’s inbox. The company said this access may have allowed the hacker to view or steal customer names, email addresses, and historical email correspondence, including messages that “may include order details or customer service inquiries.”
What Data May Have Been Exposed
Tenga said the compromised inbox could contain past conversations with customers, which may include order information or support requests. Such records can contain sensitive and personal details given the nature of the products involved. The company did not say how many customers were affected and did not respond to a request for comment seeking more information. On its website, Tenga says it has shipped more than 162 million products worldwide.
Spam Messages Sent From The Compromised Account
The company told customers that the attacker also used the hacked employee’s account to send spam emails to the employee’s contacts, including customers. The notification warned recipients to be cautious about suspicious messages, especially those appearing to come from the specific employee whose account was compromised.
Company Response And Security Measures
Tenga said it took several steps after discovering the incident. The company said it reset the affected employee’s credentials and enabled multi factor authentication across its systems. Multi factor authentication is a security feature designed to prevent access even if a password is stolen. The company did not say whether the compromised email account lacked multi factor authentication before the breach and did not respond to follow up questions on that point. Tenga also recommended that customers change their passwords and remain alert to suspicious emails, even though it did not say customer passwords were accessed.
Geographic Scope And Corporate Background
The notification came from Tenga Store USA, and the company did not clarify whether customers outside the United States were affected. Tenga was founded in 2005 in Japan and is headquartered in Tokyo. The company sells a range of sex toys, primarily for men.
Broader Context Of Similar Incidents
Tenga is the latest in a series of adult product companies and adult websites that have reported security incidents in recent years. Other examples include sex toy maker Lovense last year, adult website Pornhub last year, and SexPanther in 2020.
Featured image credits: Flickr
For more stories like it, click the +Follow button at the top of this page to follow us.