Data of 310M Temu Users Compromised in Dark Web Breach
A significant cybersecurity incident has emerged involving the e-commerce platform Temu, with reports indicating that a threat actor has claimed possession of 310 million user records. The figure is particularly concerning given that Temu reportedly has 416 million monthly active users. The implications of such a breach extend beyond the numbers, raising critical questions about data security in the digital marketplace.
Details of the Alleged Breach
The cybercriminal, who posted on a dark web forum, asserts that they have obtained a comprehensive array of user account information, contact details, password hashes, and device metadata specifically for users in the Chinese market. The information reportedly includes:
- Full names
- Email addresses
- Phone numbers
- Unique identifiers
- Bcrypt password hashes
- Device information (both Android and iOS)
- Package details and app versions
- Registration and last login IP addresses
- Regional and language settings
- Geographic information
- Account creation and login timestamps
- Internal account indicators and metadata
To substantiate their claims, the seller has released 99 sample records, which have been verified to contain timestamps from 2026. This suggests that the data is current and not recycled from previous breaches, raising the stakes for affected users.
Experts analyzing the situation speculate that the compromised data may have originated from an internal account management system (CMS) or a third-party service responsible for managing Temu’s user accounts. This points to potential vulnerabilities in how user data is handled and stored.
Security Risks and Implications
While the passwords in question are stored as bcrypt hashes, which makes them more secure than plain text, experts caution that this does not eliminate risk. If threat actors can crack the hashes of weaker passwords, they may use the recovered credentials in credential stuffing attacks, where stolen credentials from one breach are used to access accounts on other platforms.
Moreover, the combination of personal information, device details, and location data could be leveraged in highly targeted phishing campaigns or social engineering attacks. Cybercriminals could use this information to impersonate legitimate communications from Temu, further endangering users.
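How much protection a bcrypt hash gives depends on the cost factor encoded in the hash string itself, which a defender can audit in their own credential store. The following is an added example, not code from the article or from Temu; the sample hashes are constructed placeholders and the `MIN_COST` threshold is an assumed policy value.

```python
import re

# bcrypt modular crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)
MIN_COST = 10  # assumed policy threshold, adjust to your own standard


def parse_bcrypt(hash_str):
    """Return variant, cost and key-expansion rounds, or None if not bcrypt."""
    m = BCRYPT_RE.fullmatch(hash_str.strip())
    if not m:
        return None
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # cost range accepted by bcrypt
        return None
    return {"variant": m.group(1), "cost": cost, "rounds": 1 << cost}


def audit(records, min_cost=MIN_COST):
    """Flag stored hashes that are not bcrypt or use a cost below policy.

    Each finding is (user_id, reason, detail). For low-cost hashes, detail is
    how many times cheaper each guess is than at min_cost.
    """
    findings = []
    for user_id, hash_str in records:
        info = parse_bcrypt(hash_str)
        if info is None:
            findings.append((user_id, "not-bcrypt", None))
        elif info["cost"] < min_cost:
            findings.append((user_id, "low-cost", 1 << (min_cost - info["cost"])))
    return findings


# Constructed sample records (placeholder salt/digest, not real hashes)
SAMPLE = [
    ("u1", "$2b$12$" + "A" * 22 + "B" * 31),  # meets policy
    ("u2", "$2a$06$" + "C" * 22 + "D" * 31),  # cost 6: 16x cheaper per guess
    ("u3", "e" * 32),                          # unsalted 32-hex digest, not bcrypt
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A passing cost factor only raises the price per guess; a weak or reused password behind it can still be recovered, so flagged and unflagged accounts alike need a reset once hashes are exposed.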
Temu’s Response to the Allegations
In response to the claims, a spokesperson for Temu has categorically denied that the stolen data originated from their systems. They stated, “The Temu security team has conducted a thorough investigation into the alleged data leak and can confirm that the claims are categorically false; the circulating data does not originate from our systems.”
The spokesperson further emphasized that Temu’s systems are certified by the Mobile Application Security Assessment (MASA) cybersecurity standard. They also noted the company’s collaboration with HackerOne for vulnerability identification and the implementation of two-factor authentication to enhance security. Additionally, Temu is a member of the Anti-Phishing Working Group and complies with PCI DSS standards for payment security.
Previous Incidents and Broader Context
This incident is not the first time Temu has faced allegations of data breaches. In 2024, another hacker claimed to have accessed 87 million lines of personal data from Temu users, a claim that the company also denied. These recurring issues highlight the ongoing challenges faced by e-commerce platforms in safeguarding user data amidst an increasingly sophisticated threat landscape.
As the digital economy continues to expand, the need for robust cybersecurity measures becomes ever more critical. Organizations must remain vigilant and proactive in their efforts to protect user data, especially in light of the growing prevalence of cyber threats.
For further details on this incident, refer to the source: Escudo Digital.


