This sex toy maker's customer data has been leaked
What's the story
Japanese sex toy manufacturer Tenga has reported a data breach. The company revealed in an email, accessed by TechCrunch, that "an unauthorized party gained access to the professional email account of one of our employees." This breach gave the hacker access to the employee's inbox and potentially exposed customer names, email addresses, and past communications including order details or customer service inquiries.
Misuse
Hacker used stolen data to send spam emails
The hacker didn't just stop at accessing sensitive information but also used the stolen data to send spam emails to the contacts of the compromised employee, including customers. Tenga has not disclosed how many customers were affected by this breach. The firm claims on its website that it has shipped over 162 million products globally.
Customer advisory
Tenga has reset the compromised employee's credentials
In light of the breach, Tenga has advised its customers to change their passwords and stay alert for suspicious emails. This advice comes especially for communications from a particular employee whose account was compromised. The company has also taken steps like resetting the hacked employee's credentials and enabling multi-factor authentication across its systems to prevent further breaches.
Company response
Was multi-factor authentication enabled before the breach?
Despite the measures taken after the breach, Tenga has not clarified if multi-factor authentication was enabled on the email account before this incident. The company, which was founded in 2005 and is headquartered in Tokyo, specializes in a range of sex toys primarily for men. It is still unclear whether customers outside the US were affected by this data breach as Tenga Store USA sent out the warning email.