Tenga Suffers Email Account Compromise Leading to Customer Data Exposure

13.02.2026

Japanese adult product manufacturer Tenga disclosed a security incident on Friday, confirming that an unauthorized third party gained access to a corporate email account belonging to one of its employees. The breach potentially exposed sensitive customer information including names, email addresses, and historical email correspondence.

According to the notification sent to affected customers, the compromised employee inbox may have contained order details and customer service inquiries. Given the intimate nature of the products involved, this information could include highly personal data that customers would prefer to keep confidential.

The threat actor leveraged the compromised account to distribute spam emails to the employee's contact list, including customers. The total number of affected users remains undisclosed, though Tenga reports having shipped over 162 million products globally through its distribution channels.

Security Measures Implemented:

Following the incident discovery, Tenga implemented several remediation steps:

• Immediate credential reset for the compromised employee account

• System-wide deployment of multi-factor authentication (MFA)

• Enhanced monitoring of email systems

The company did not confirm whether MFA was enabled on the breached account prior to the incident, raising questions about baseline security controls.

Customer Recommendations:

Tenga advised customers to take the following precautionary measures:

• Reset account passwords as a preventive measure

• Remain vigilant for suspicious or phishing emails

• Exercise caution with communications appearing to originate from the affected employee

Notably, the company stated that customer passwords were not directly compromised in this incident.

The breach notification appears to have originated from Tenga Store USA, leaving uncertainty regarding whether international customers were impacted. The Tokyo-headquartered company, established in 2005, specializes in adult wellness products primarily targeting male consumers.

This incident adds Tenga to a growing list of adult industry companies experiencing security breaches, including Lovesense in 2024, Pornhub in 2024, and SexPanther in 2020, highlighting ongoing cybersecurity challenges within this sector.

Tags: Customer data data breach cybersecurity incident email compromise MFA

Share: VK Telegram Twitter