Temu denies it was hacked or suffered an information breach after a risk actor claimed to be promoting a stolen database containing 87 million information of buyer data.
The risk actor put the alleged information up on the market yesterday on the BreachForums hacking discussion board, together with a small pattern to function proof of the stolen information.
Temu says it has examined and cross-checked the info samples with its database, however no matches have been discovered.Â
Hacker claims to breach Temu
Temu is a quickly rising e-commerce platform providing a variety of merchandise at aggressive costs, specializing in low-cost clothes, dwelling items, electronics, and equipment.
Temu is Chinese language however operates globally, together with in Europe and america, the place it gained recognition for its deep reductions and promotional methods.
Although Temu has confronted scrutiny over issues regarding information privateness, product high quality, and delivery occasions, it has not discovered itself on the epicenter of a serious information breach incident as of but.
Yesterday, a risk actor utilizing the moniker ‘smokinthashit’ claimed to have stolen a database with 87 million information from Temu and tried to promote it to different cybercriminals.Â
The risk actor printed samples of the allegedly stolen information that contained usernames and IDs, IP addresses, full names, dates of start, gender, delivery addresses, cellphone numbers, and hashed passwords.
Supply: BleepingComputer
Temu says it wasn’t breached
Responding to BleepingComputer’s request for remark, Temu categorically denied the printed information is theirs and mentioned it will press expenses towards these spreading this misinformation.
“Temu’s safety workforce has performed a complete investigation into the alleged information breach and might verify that the claims are categorically false; the info being circulated will not be from our programs. Not a single line of knowledge matches our transaction information,” Temu instructed BleepingComputer.
“We take any try and tarnish our status or hurt our customers extraordinarily severely and reserve the proper to pursue authorized motion towards these chargeable for spreading false data and making an attempt to revenue from such malicious actions.”
“At Temu, the safety and privateness of our customers are paramount. We observe industry-leading practices for information safety and cybersecurity, making certain that customers can store with peace of thoughts on our platform.”
The e-commerce platform additionally underlined that it follows industry-leading information safety and cybersecurity practices, noting the app’s MASA certification, impartial validations, its HackerOne bug bounty program, and compliance with the PCI DSS cost safety normal.
Menace actor says the breach is actual
BleepingComputer contacted the risk actor in regards to the breach, they usually continued to say they breached Temu.
The risk actor claims to nonetheless have entry to the corporate’s electronic mail and inside panels, and that there are vulnerabilities of their code.
Nonetheless, the risk actor didn’t share any proof of those claims, and BleepingComputer can’t decide whether or not they’re legitimate.
Whether or not or not the info breach claims are legitimate, they’ll nonetheless hurt a agency’s status and seed mistrust in clients.
Out of an abundance of warning, if you’re a Temu person, it will be prudent to allow two-factor authentication in your account, change the password to one thing new and distinctive, and keep vigilant for potential phishing makes an attempt.
BleepingComputer contacted Temu once more about these additional claims, however no response was instantly out there.