Temu has dismissed claims of a major data breach of 87 million records.

According to a sample seen, and shared on social media, the breached data contains sensitive personal information such as names, email addresses, home addresses and telephone numbers of individuals from various nationalities - and is being sold on dark web forums. 

A seller named “smokinthashit” is trying to sell the data on BreachForums, according to media reports, and is trying to sell it to “only serious people and not timewasters.”

However Temu has been quick to assure users that their data is safe, and according to Bleeping Computer, Temu says it has examined and cross-checked the data samples with its database, but no matches were found. 

Comprehensive investigation

"Temu's security team has conducted a comprehensive investigation into the alleged data breach and can confirm that the claims are categorically false; the data being circulated is not from our systems. Not a single line of data matches our transaction records," Temu told BleepingComputer.

"At Temu, the security and privacy of our users are paramount. We follow industry-leading practices for data protection and cybersecurity, ensuring that consumers can shop with peace of mind on our platform."

It also said it takes “any attempt to tarnish our reputation or harm our users extremely seriously” and reserves the right to pursue legal action against those responsible for spreading false information, “and attempting to profit from such malicious activities."

Akhil Mittal, senior security consulting manager at the Synopsys Software Integrity Group, said this is a common occurrence: hackers claim a breach, and the company denies it. 

"Whether the breach happened or not, the real challenge is managing the perception of insecurity that sticks with customers," Mittal said. "Once customers hear about a possible breach, they start to worry. They may question if their data is safe, change passwords, or even consider leaving the platform for a competitor. 

"Temu is saying the right things by highlighting its PCI DSS compliance and security protocols, but that’s not enough to ease customer anxiety. Temu has an opportunity to go further by bringing in a third-party security audit or providing regular, transparent updates on its security practices. This would give users confidence that their data is safe and show that the company is taking these concerns seriously."

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.