Published on: September 20, 2024
Temu, a global e-commerce website based in China, denies that it recently suffered a data breach after conducting an internal investigation.
A hacker using the moniker, smokinthashit, claims to have breached Temu and stolen 87 million records of sensitive customer data. The information they claim to have includes full names, gender, date of birth, phone numbers, usernames, IP addresses, and hashed passwords.
To prove this, they posted a data sample on the infamous hacker site, BreachForums. They used the small sample to threaten Temu, prompting the company to conduct an internal investigation.
After it concluded, Temu publicly announced that there was no evidence supporting a data breach. According to its findings, the published samples aren’t real data records.
“Temu’s security team has conducted a comprehensive investigation into the alleged data breach and can confirm that the claims are categorically false; the data being circulated is not from our systems. Not a single line of data matches our transaction records,” Temu said to Bleeping Computer.
Reporters with Bleeping Computer also reached out to the threat actor. They insist that Temu has glaring vulnerabilities in its code and that they still have access to emails and internal panels.
“We take any attempt to tarnish our reputation or harm our users extremely seriously and reserve the right to pursue legal action against those responsible for spreading false information and attempting to profit from such malicious activities,” Temu warns.
Temu is no stranger to pursuing legal action. In the past, it sued competitor Shein for anti-competitive practices.
“At Temu, the security and privacy of our users are paramount,” Temu said. “We follow industry-leading practices for data protection and cybersecurity, ensuring that consumers can shop with peace of mind on our platform.”