Data of 300M+ Temu users for sale on dark web
Data of 300M+ Temu users for sale on dark web
https://www.escudodigital.com/en/cybersecurity/data-of-300m-temu-users-for-sale-on-dark-web.html
Publish Date: 2026-07-01 01:10:00
Source Domain: www.escudodigital.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
If you frequently shop on Temu, your data may have fallen into the wrong hands. A threat actor has posted a message on a dark web forum boasting of possessing 310 million user records from the e-commerce platform. This is not a trivial figure, as Temu supposedly has 416 million active users per month.
In his post, the cybercriminal claims to have user account information, contact data, password hashes, and device metadata for users of the Chinese market.
Specifically, the adversary allegedly exfiltrated full names, email addresses, phone numbers, identifiers, bcrypt password hashes, device information (Android and iOS), package details, and app version, registration and last login IP addresses, regional and language settings, geographic information, account creation and login timestamps, as well as internal account indicators and metadata.
To support his claim, the seller has published 99 sample records. Cybernews has verified that these have account creation or login timestamps from 2026, suggesting that the information is relatively recent and has not been recycled from previous breaches.
Experts from the site believe the data may come from an internal account management system (CMS) or a third-party service that manages Temu’s user accounts.
Although the passwords are not stored in plain text but as bcrypt hashes, researchers warn that the exposure poses significant security risks.
If threat actors manage to crack weaker keys, these can be used in credential stuffing attacks.
On the other hand, the combination of names, contact information, device details, and location data could be easily exploited in highly targeted phishing campaigns or social engineering attacks.
Additionally, the exposed metadata could help cybercriminals impersonate legitimate communications from Temu.
Temu denies the claim
A spokesperson for the Chinese company has denied that the stolen data came from their systems. “The Temu security team has conducted a thorough investigation into the alleged data leak and can confirm that the claims are categorically false; the circulating data does not originate from our systems,” they told the Cybernews team.
“Temu’s systems are certified by the Mobile Application Security Assessment (MASA) cybersecurity standard, we collaborate with HackerOne for vulnerability identification, and we implement two-factor authentication for added security. Temu is also a member of the Anti-Phishing Working Group and complies with PCI DSS standards for payment security,” the spokesperson added.
Unfortunately, this is not the first time the Asian e-commerce app has seen its data leaked on the dark web. In 2024, another hacker claimed to have obtained 87 million lines of personal data from Temu users, although the mandarin company also denied that they originated from their systems.
If you frequently shop on Temu, your data may have fallen into the wrong hands. A threat actor has posted a message on a dark web forum boasting of possessing 310 million user records from the e-commerce platform. This is not a trivial figure, as Temu supposedly has 416 million active users per month.
In his post, the cybercriminal claims to have user account information, contact data, password hashes, and device metadata for users of the Chinese market.
Specifically, the adversary allegedly exfiltrated full names, email addresses, phone numbers, identifiers, bcrypt password hashes, device information (Android and iOS), package details, and app version, registration and last login IP addresses, regional and language settings, geographic information, account creation and login timestamps, as well as internal account indicators and metadata.
To support his claim, the seller has published 99 sample records. Cybernews has verified that these have account creation or login timestamps from 2026, suggesting that the information is relatively recent and has not been recycled from previous breaches.
Experts from the site believe the data may come from an internal account management system (CMS) or a third-party service that manages Temu’s user accounts.
Although the passwords are not stored in plain text but as bcrypt hashes, researchers warn that the exposure poses significant security risks.
If threat actors manage to crack weaker keys, these can be used in credential stuffing attacks.
On the other hand, the combination of names, contact information, device details, and location data could be easily exploited in highly targeted phishing campaigns or social engineering attacks.
Additionally, the exposed metadata could help cybercriminals impersonate legitimate communications from Temu.
Temu denies the claim
A spokesperson for the Chinese company has denied that the stolen data came from their systems. “The Temu security team has conducted a thorough investigation into the alleged data leak and can confirm that the claims are categorically false; the circulating data does not originate from our systems,” they told the Cybernews team.
“Temu’s systems are certified by the Mobile Application Security Assessment (MASA) cybersecurity standard, we collaborate with HackerOne for vulnerability identification, and we implement two-factor authentication for added security. Temu is also a member of the Anti-Phishing Working Group and complies with PCI DSS standards for payment security,” the spokesperson added.
Unfortunately, this is not the first time the Asian e-commerce app has seen its data leaked on the dark web. In 2024, another hacker claimed to have obtained 87 million lines of personal data from Temu users, although the mandarin company also denied that they originated from their systems.
Become a premium member for free!