TENGA , a Japanese manufacturer of adult products, confirmed that a phishing attack targeted one of its employees, leading to unauthorized access to a professional email account and potentially exposing the account’s inbox contents.
The company said that a limited segment of US customers who interacted with Tenga were affected, and that the information involved was limited to customer email addresses and related correspondence history, with no Social Security numbers, billing or credit card information, or TENGA/iroha Store passwords compromised.
The incident appears to have involved the use of a compromised email account to send spam messages, including an attachment, with the company noting that there was no risk to devices or data if the attachment was not opened. Tenga proactive contacted potentially affected customers and advised them to change passwords and remain vigilant for suspicious activity, including sextortion-themed phishing attempts. Malwarebytes notes that the breach underscores the importance of monitoring for phishing and promptly updating security measures after such incidents.