Hackers claiming leak of 310 million Temu accounts: here's what we know


An alleged 310 million Temu user records have been put up for sale on a cybercrime forum. While the leaked samples appear recent, researchers say the scale of the alleged breach remains impossible to verify.

Chinese fast-fashion e-commerce retailer Temu is the most recent listing on an illicit marketplace frequented by cybercriminals.

In the post, an alleged attacker claims that the stolen database contains approximately 310 million Temu user records. This is a bold claim, as Temu reportedly has 416 million monthly active users.

The listing alleges that the dataset includes Temu user account information, contact details, password hashes, and device metadata for users of the Chinese marketplace.

What Temu data was allegedly breached?

To support the claim, the seller published 99 sample records. Cybernews researchers checked the records shown in the attacker’s listing and found that they contain a broad range of account information, including:

  • Full names
  • Email addresses
  • Phone numbers
  • User identifiers
  • bcrypt password hashes
  • Device information (Android and iOS)
  • App package and version details
  • Sign-up and last login IP addresses
  • Locale and language settings
  • Geographic information
  • Account creation and login timestamps
  • Internal account flags and metadata

Our researchers noted that nearly all sample records contain account-creation or login timestamps from 2026, suggesting the information is relatively recent rather than recycled from older leaks.

However, they caution that there is no way to verify the seller's claimed scope of 310 million records.

Based on the structure of the sample records, our team believes the data may have originated from an internal account management system or a third-party service that handles Temu user accounts.

"The records include account IDs, internal flags, password hashes, device information, and user metadata. It looks like this was taken either from an internal CMS tool or from a third party that manages these accounts," they explained.

Risk of credential stuffing and phishing attacks

Although the passwords appear to be stored as bcrypt hashes rather than plaintext, the researchers warn that the exposure still creates significant security risks.

If attackers manage to crack weaker passwords, the credentials could be used in credential stuffing attacks.

During such attacks, stolen usernames and passwords are automatically tested across multiple online services in search of reused credentials.

The combination of names, contact information, device details, and location data could be easily exploited in highly targeted phishing campaigns or social engineering attacks. Exposed metadata could help cybercriminals impersonate legitimate Temu communications.

Cybernews has reached out to Temu for a comment. We will update this article once we receive a response.

A Temu breach has been claimed before, but the company denied it

The massive numbers claimed in the listing may be a red flag, as it is not uncommon for hackers to use a well-known name, inflate the number of stolen records, and put it on sale, waiting for someone to fall for the trick. The dataset is valued at $700, which is not a high price for a dataset of this size.

There have been claims of Temu data breaches before. In 2024, a post appeared on an illicit marketplace listing the company. At the time, the attacker claimed to have stolen 87 million lines of personal data from Temu users.

Cybernews contacted Temu at the time, and the company denied that the data originated from its systems.

