Sex toy maker Tenga says a hacker accessed an employee’s email account, potentially exposing customer names, emails, and order details. TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125 200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal […] Sex toy maker Tenga says a hacker accessed an employee’s email account, potentially exposing customer names, emails, and order details. TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125 200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal care product manufacturing and sells products in dozens of countries, with annual revenue estimates in the tens of millions of dollars. The Japanese sex toy maker disclosed a data breach after a hacker accessed an employee’s professional email account, TechCruch reports. The unauthorized access exposed the contents of the inbox, potentially including customer names, email addresses, past correspondence, order details, and customer service inquiries. The company started notifying impacted customers on Friday, February 13, 2026. With over 162 million products shipped worldwide, exposed emails may contain intimate order details and customer service inquiries that many would prefer to keep private. The security breach exposes impacted customers to several risks. This can lead to targeted phishing, social engineering, and scams exploiting sensitive purchase information. Even without direct financial data, the exposure raises privacy concerns, reputational harm, and the potential resale of email addresses on underground forums. The company advises impacted customers to change passwords and monitor for suspicious emails, particularly those that appear to come from the compromised employee, to reduce the risk of phishing or social engineering attacks. In response to the security incident, the company reset the compromised employee’s credentials and enabled multi-factor authentication across its systems to block unauthorized access. The company did not disclose technical details about the attack. It is unclear whether the attackers attempted to blackmail the Japanese firm. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, data breach)
Published: 2026-02-16T08:31:24