Home Software Applications Hackers Claim to Be Selling 310 Million Alleged Temu User Records

Hackers Claim to Be Selling 310 Million Alleged Temu User Records

Representational image of Temu

This post is also available in: עברית (Hebrew)

Large online retailers are frequent targets for cybercriminals because they hold vast amounts of customer information. Even when the authenticity of an alleged breach cannot be confirmed, the publication or sale of user data can expose individuals to phishing campaigns, credential theft, and other cyber threats. As a result, security researchers closely examine leaked samples to determine whether they appear genuine and what risks they may pose.

A new listing on a cybercrime forum claims to offer approximately 310 million alleged user records associated with Temu. While researchers found that the published sample records appear recent, they emphasize that there is currently no way to verify whether the claimed database size is accurate or whether the information originated from the company’s own systems.

The seller published a sample of 99 records to support the claim. Researchers who examined those samples found a wide range of account information, including names, email addresses, phone numbers, account identifiers, bcrypt password hashes, device details, application version information, IP addresses, language settings, geographic data, login timestamps, and internal account metadata.

According to Cyber News, one notable finding was the apparent recency of the records. Many of the sample entries contained account creation or login timestamps from 2026, suggesting they are not simply recycled from older data leaks.

Based on the structure of the information, researchers believe the records may have originated from either an internal account management platform or a third-party service involved in managing user accounts. However, they stress that this assessment is based only on the published samples and does not confirm the source of the data.

Although the passwords appear to be protected using bcrypt hashing rather than stored in plain text, the alleged exposure could still create significant risks. Weak passwords may eventually be cracked, allowing attackers to launch credential-stuffing attacks against other online services where users have reused the same credentials.

From a cybersecurity perspective, the combination of contact information, device details, login history, and geographic metadata is often more valuable than passwords alone. Such information can be used to craft convincing phishing emails, impersonate legitimate customer support messages, or conduct targeted social engineering campaigns.

The company has not confirmed the alleged breach. Until additional evidence emerges, security researchers advise treating the claims cautiously while encouraging users to practice good password hygiene, enable multi-factor authentication where available, and remain alert for suspicious emails or messages requesting account information.