Data Breaches Hit Brazilian AI Firm and Japanese Retailer
A threat actor named Spirigatito has claimed responsibility for a data breach at LifesHub, a Brazilian AI and data intelligence firm, exposing 257 million records. Separately, Japanese sex toy manufacturer Tenga disclosed a breach that exposed customer names, emails, and order details, with the threat actor remaining unidentified.
- The Tenga breach stemmed from a Business Email Compromise (BEC) attack, a form of social engineering where an attacker gains access to a corporate email account. - After gaining access, the attacker used the compromised Tenga employee's inbox to send spam and phishing messages to the employee's contacts, including other customers. - In response to the incident, Tenga reset the employee's credentials and enabled multi-factor authentication (MFA) across its systems to prevent similar intrusions. - The initial breach notification was sent by Tenga Store USA, leaving it unclear if customers outside of the United States were affected by the email account compromise. - The average cost of a data breach in the retail sector rose to $3.54 million in 2025, with phishing and the use of compromised credentials being the most common attack vectors. - Due to the sensitive nature of the exposed customer data, at least one national class-action law firm has publicly announced it is investigating claims against Tenga for the breach.
