- A threat actor recently claimed that they had stolen 87 million customer data records from popular Chinese ecommerce company Temu.
- This claim has been denied by the company. It said that its security team checked the stolen data sample and it doesn’t match its records.
- However, the BreachForums hacking forum later banned the threat actor for misrepresentation and attempting to sell data that was already publicly available.
Temu has denied suffering any data breach after a threat actor, who goes by the name “smokinthashit” posted online, claiming that they have stolen 87 million records of customer data from the company.
The stolen data was put up for sale yesterday on the BreachForums hacking platform. There was even a small sample of the stolen data for potential buyers to check out. It includes usernames, DOBs, phone numbers, IP addresses, shipping addresses, passwords, and so on.
What Does Temu Have to Say About This?
Temu allegedly cross-checked that data and confirmed that it was not stolen from its systems.
‘Not a single line of data matches our transaction records’ – Temu
It also said that the company takes its reputation very seriously. So any attempts to tarnish it through such malicious activities will not be spared. It might take legal action against those responsible for this fake news if necessary.
- Reassuring its customers, the company added that the safety and privacy of its customers’ data is its topmost priority.
- It also follows industry-leading practices for data protection and cybersecurity so its customers can shop without worry.
- For example, Temu’s app has MASA certification and PCI DSS-compliant payment security standards, which have been independently validated.
- In addition, it also has a bug bounty program called HackerOne which rewards users for pointing out vulnerabilities in its platform.
Despite all these clarifications, the threat actors initially continued to say that those stolen records belonged to Temu. They even added that there are vulnerabilities in the platform’s code and they still have access to the company’s email and internal panels.
However, it was later found that a lot of the data breaches that they posted on the forum came from the breach that hit foreup.com in 2021. As a result, they were banned from the BreachForums hacking forum for misrepresentation and trying to sell data that was already publicly available.
Security Concerns Surrounding Temu
This isn’t the first time there have been security concerns regarding how Temu handles and protects user data. However, this concern isn’t coming from third parties or threat actors. It’s about Temu itself.
The company is allegedly using spyware to secretly collect user data resulting in more targeted marketing towards its users. This is in complete violation of the US federal wiretap laws. A class-action lawsuit has already been filed against it.
On top of that, the company has also been accused of failing to meet cybersecurity standards in the industry. Regardless of all the claims it made in its recent statement about its security practices, the investigation has revealed that it has put the data of its users at risk by adopting inadequate security measures just to lower its expenses.
Our Editorial Process
Our Editorial Process
Share
Print
