Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter
user icon Login
Become a free member

Penetrated: Adult toy maker suffers leak after hacker slips in

A Japanese sex toy maker has had private data potentially exposed after a threat actor penetrated the email of a company staffer.

author profile
Daniel Croft
Fri, 20 Feb 2026 Security
Penetrated: Adult toy maker suffers leak after hacker slips in

The adult toy maker, TENGA, informed its US-based customers that a number of them had been caught up in the incident.

“On February 12, 2026, TENGA USA identified a localised security incident involving a single employee’s email account,” it said.

You’re out of free articles for this month

“This incident concerns a limited segment of our US customers who interacted with our customer service channel. Our global systems and databases outside of the US remain secure and unaffected.

 
 

“The information involved was limited to customer email addresses and related correspondence history. No sensitive personal data, such as Social Security numbers, billing/credit card information, or TENGA/iroha Store passwords, were jeopardised in this incident.”

According to the release, the cyber incident occurred when the threat actor used a staff email to send a suspicious attachment, which, when opened during a small execution window, impacted those recipients.

“We want to state clearly that there is no risk to your device or data if the suspicious attachment was not opened. The risk was limited to the potential execution of the attachment within the specific ‘spam’ window (February 12, 2026, between 12am and 1am PT),” the company said.

TENGA added that any customers who may have been affected have been contacted “proactively” to prevent the spread of the emails.

The company also explained that its systems only allow customer data to be accessible to those it is essential for and that all payment information is encrypted.

“Our email and e-commerce systems are managed through strict data siloing. Our e-commerce platforms are further protected by multifactor authentication (MFA) and rigorous user management to ensure customer data is only accessible to essential personnel. Furthermore, sensitive information such as payment details and passwords are encrypted and hashed by default, making them inaccessible even to TENGA employees,” the company said.

“We are currently enhancing these security protocols further across all systems to prevent any future recurrence.”

TENGA recommends that users update passwords, avoid reusing passwords across platforms, and review security settings for suspicious activity.

The company did not identify the threat actor, nor did it say how many were impacted.

Cyber Daily has not observed any group or individual claiming responsibility for the incident.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
Tags:
You need to be a member to post comments. Become a member for free today!

You have0 free articles left this month.
Register for a free account to access unlimited free content.
You have 0 free articles left this month.