Temu Refutes Violation as Hacker Boasts Stealing 87 Million Data Records: A Shocking Revelation

Imagine waking up one day and finding out that your personal data has been stolen and put up for sale by hackers. That’s the kind of nightmare scenario that customers of a popular e-commerce platform, Temu, recently faced when a threat actor claimed to have breached their database and stolen 87 million records of customer information.

Did the hacker really breach Temu?

Temu, a Chinese e-commerce platform known for its low-cost clothing, home goods, electronics, and accessories, has gained popularity in the United States and Europe for its deep discounts and promotional strategies. Despite facing scrutiny over data privacy, product quality, and shipping times, the platform had never found itself at the center of a major data breach incident – until now, that is.

Recently, a threat actor going by the name “smokinthashit” claimed to have stolen a database containing 87 million records from Temu and attempted to sell it to other cybercriminals. The alleged stolen data included usernames and IDs, IP addresses, full names, dates of birth, gender, shipping addresses, phone numbers, and hashed passwords.

Temu denies the breach

When we reached out to Temu for a statement, they categorically denied that the published data belonged to them and said they would press charges against those spreading this misinformation. According to Temu, their security team conducted a comprehensive investigation into the alleged data breach and found that the claims were false and that the data being circulated didn’t match their transaction records.

Temu also emphasized that the security and privacy of their users are of utmost importance and that they follow industry-leading practices for data protection and cybersecurity. The platform highlighted its MASA certification, independent validations, its HackerOne bug bounty program, and compliance with the PCI DSS payment security standard.

The threat actor insists the breach is real

When we contacted the threat actor about the breach, they continued to insist that they had indeed breached Temu. They even claimed to have ongoing access to the company’s email and internal panels, as well as knowledge of vulnerabilities in their code. However, the threat actor didn’t share any proof to support these claims, and we couldn’t determine whether they were valid or not.

Regardless of the authenticity of the data breach claims, they can still damage a company’s reputation and sow distrust among customers. With that in mind, if you’re a Temu user, it’s a good idea to enable two-factor authentication on your account, change your password to something new and unique, and stay alert for potential phishing attempts.

We reached out to Temu again about the threat actor’s further claims, but no response was immediately available.

Update 9/19: The threat actor has been banned on BreachForums for misrepresenting and attempting to sell data that was already publicly available. CheckPoint Research, investigating the claim, informed us that some of the information the threat actor posted appears to originate from a data breach at foreup.com, dating back to mid-2021.

In conclusion, it’s essential to stay vigilant and take every precaution to protect your personal data. Cybersecurity threats are constantly evolving, and companies must invest in robust security measures to keep their customers’ information safe. And as users, we should take every step to safeguard our data and ensure that we’re not falling victim to any potential breaches. If you want to learn more or need help securing your data, don’t hesitate to contact us and keep coming back for more information on cybersecurity.