Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Street
The Street
Fernanda Tronco

Temu threatened by hacker claiming data breach that company denies

Cyber attacks are not a strange occurance worldwide, and the U.S. seems to be a main target.  

In 2021, people and businesses in the U.S. were the target of 46% of registered cyber attacks, more than double the rate of any other country. 

Related: New Biden proposal targets Shein and Temu for 'abuse'

Data breach costs are at their highest ever, with a global average cost of nearly $5 million in 2024 alone, a 10% increase from the year prior.

What's even more worrisome is that the probability of personal data being leaked on e-crime sites increased by 76% in 2023 and is predicted to be even higher in 2024.

Data breaches on average cost $5 million so far this year. 

Temu suffers claims of data breach by hacker on the dark web 

A cybercriminal who goes by the name 'smokinthashit' claims to have hacked Temu's database and stolen millions of customers' personal information.

The hacker posted this announcement on BreachForums, also known as Breached, which is a popular hacking crime forum on the dark web that works as a marketplace for stolen data. 

To further prove that the announcement was real, the hacker attached an image that exposed a couple of Temu users' personal data, which included their IDs, usernames, full names, birth dates, IP addresses, gender, shipping addresses, phone numbers, and even blurred passwords.

However, the hacker's account has no previous record of data breaches, and its authentication has yet to be confirmed.

Nonetheless, if the claims are proven to be true, millions of people could risk losing other accounts with the same password and username or suffer from identity theft and wire fraud.

Temu fires back at data breach claims by denying the allegations 

Temu  (PDD)  quickly fired back at the damaging claims and denied the supposed data breach, claiming all customer data is safe from exposure.

Related: Temu unveils new strategy in the spark of lawsuit

A data breach associated with Temu, or any other company, could result in irreparable reputational harm.

The idea that this retail company lacks the proper cyber security to protect its customers' data, especially when Temu is considered an e-retail giant, could completely destroy its credibility and trust with its users.

Temu provided the following statement to The Street:

Temu's security team has conducted a comprehensive investigation into the alleged data breach and can confirm that the claims are categorically false; the data being circulated is not from our systems. Not a single line of data matches our transaction records. 

We take any attempt to tarnish our reputation or harm our users extremely seriously and reserve the right to pursue legal action against those responsible for spreading false information and attempting to profit from such malicious activities. 

At Temu, the security and privacy of our users are paramount. We follow industry-leading practices for data protection and cybersecurity, ensuring that consumers can shop with peace of mind on our platform. Temu users can continue to shop with confidence, knowing their personal data is protected.

As of 2024, Temu has around 167 million active users worldwide, of which approximately 50.4 million are from the U.S.

The hacker claims to have stolen around 87 million customer information records, meaning about half of its users could be in an extremely vulnerable situation. 

Companies who have suffered the consequences of weak cyber security

Temu is not the first or last company to allegedly be cyber-attacked; multiple companies, including those in the tech industry, have suffered the consequences of data breaches by hackers. 

In March, AT&T T released a statement announcing a data breach that resulted in customers' personal information leaking all over the dark web, exposing 7.6 million current account holders and approximately 65.4 million former account holders.

More Retail:

In July, AT&T made another announcement that customer data, including records of its customers' calls and texts, customer interaction calls, and phone numbers, had been illegally downloaded. 

However, AT&T stated they didn't believe the data to be publicly available, but this claim has not been reaffirmed since.

Related: Veteran fund manager sees world of pain coming for stocks

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.