Temu, a popular e-commerce platform, has denied allegations of a data breach after a hacker claimed to have stolen 87 million customer records. The threat actor posted a small sample of the alleged data on BreachForums, including personal details such as:
If it were legitimate, this data could potentially be used for identity theft, phishing attacks, or account takeovers.
The breach allegations were made on Sept. 16. Temu swiftly responded by stating that a thorough investigation was conducted, and they found no match between the sample data and their own records.
According to the company, an internal investigation found no connection between the leaked data and its systems. Temu emphasized that it adheres to strict data protection measures, including compliance with the PCI DSS standard, an industry-recognized certification for securing payment data. Additionally, Temu highlighted its HackerOne bug bounty program, which encourages external security researchers to report vulnerabilities.
"Temu's security team has conducted a comprehensive investigation into the alleged data breach and can confirm that the claims are categorically false; the data being circulated is not from our systems. Not a single line of data matches our transaction records," Temu told BleepingComputer.
The company also threatened legal action against anyone who spreads false information, a strong stance to protect its reputation in a highly competitive market where customer trust is essential.
"We take any attempt to tarnish our reputation or harm our users extremely seriously and reserve the right to pursue legal action against those responsible for spreading false information and attempting to profit from such malicious activities," Temu added.
Despite Temu's stance, the hacker insisted he still has access to the online marketplace’s systems and pointed to vulnerabilities in Temu’s code. However, without further proof, these claims remain speculative. Nonetheless, the possibility of a breach, actual or not, leaves users in a precarious situation, unsure whether their personal information is safe.
Even if a data breach hasn’t been confirmed, users can still take measures to safeguard their accounts and personal information.
Here’s what you can do:
Have a chat with Bitdefender Scamio, our AI-powered scam detector, to help you determine whether unsolicited messages or emails could be a scam. Simply describe the message or request, and Scamio will analyze the information and respond. Scamio is available on Facebook Messenger, WhatsApp, and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia, and the UK.
Use Bitdefender’s Digital Identity Protection for:
- Instant Alerts: You can immediately react to data breaches and privacy threats and take swift action to prevent damage, such as changing passwords, via one-click action items.
- Real-time monitoring: The service continuously scans the internet and dark web for your personal information. You will receive alerts whenever your data is involved in a breach or leak.
- Peace of mind: This service immediately flags suspicious activity and actively monitors personal information for peace of mind.
- A 360° view of all your personal data: See your digital footprint, including traces from services you no longer use but that still have your data, and even send requests for data removal from service providers.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024
July 25, 2024