A database allegedly containing information on 310 million Temu users has been put up for sale on a cybercrime forum. Although the leaked sample records appear to be relatively recent, the actual scale of the alleged breach cannot currently be verified.
The seller claims to possess a massive database of users from the Chinese online marketplace. If the claim is true, it would represent an extraordinarily large-scale incident, given that Temu reportedly has around 416 million monthly active users.
To support the claim, the seller published 99 sample records.
Analysis of the samples revealed that they contain a wide range of user information, including:
Full names
Email addresses
Phone numbers
User IDs
bcrypt password hashes
Android and iOS device information
App versions and package identifiers
Registration and last login IP addresses
Language and localization settings
Geographic information
Account creation and login timestamps
Internal account flags and other metadata
Most of the published records include timestamps from 2026, suggesting the data may be relatively recent rather than recycled from older breaches. However, there is currently no way to verify the seller’s claim that the database contains 310 million records.
Based on the structure of the samples, researchers believe the data may have originated from Temu’s internal account management system or from a third-party service responsible for managing user accounts.
“The records contain account identifiers, internal flags, password hashes, device information, and user metadata. It appears the data was taken either from an internal CMS tool or from a third party managing these accounts.”
Although the passwords appear to be stored as bcrypt hashes rather than in plain text, the exposure still poses significant security risks. If attackers are able to crack weaker passwords, the stolen credentials could be used in credential stuffing attacks, where the same username and password combinations are automatically tested across multiple online services.
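For services on the receiving end of such credential stuffing, the pattern is visible in login logs: one source trying many different accounts in a short time, with most attempts failing. The sketch below is an added example, not taken from the original report or from Temu; the log format, the sample events, and the thresholds are constructed assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed auth events: '<ISO time> <source IP> <username> <OK|FAIL>' (assumed format)."""
    lines = []
    for i in range(12):   # stuffing pattern: 12 different accounts in one minute, one hit
        lines.append(f"2026-01-10T08:00:{i * 5:02d} 203.0.113.7 user{i}@example.com "
                     f"{'OK' if i == 7 else 'FAIL'}")
    for i in range(4):    # one user mistyping their own password, then succeeding
        lines.append(f"2026-01-10T08:01:{i * 10:02d} 198.51.100.20 bob@example.com "
                     f"{'OK' if i == 3 else 'FAIL'}")
    for i in range(10):   # shared office NAT: many accounts, all logins succeed
        lines.append(f"2026-01-10T08:02:{i * 5:02d} 192.0.2.50 staff{i}@example.com OK")
    return "\n".join(lines)

def parse_events(text):
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=10, max_success=0.2):
    """Flag IPs that try many distinct accounts in a short window with mostly failures."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end, ev in enumerate(evs):
            while ev[0] - evs[start][0] > window:   # slide window start forward
                start += 1
            win = evs[start:end + 1]
            users = {u for _, _, u, _ in win}
            ok_rate = sum(ok for *_, ok in win) / len(win)
            if len(users) >= min_users and ok_rate <= max_success:
                flagged[ip] = {"distinct_users": len(users), "success_rate": round(ok_rate, 2)}
    return flagged

if __name__ == "__main__":
    for ip, stats in detect_stuffing(parse_events(build_sample_log())).items():
        print(ip, stats)
```

Only the first source is flagged: the user retrying a single account and the shared address with all-successful logins both fall outside the distinct-account and failure-rate conditions.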
In addition, the combination of names, email addresses, phone numbers, device details, IP addresses, and location data could make targeted phishing and social engineering attacks much more convincing. The exposed metadata could help cybercriminals disguise fraudulent messages as legitimate communications from Temu.
Temu has not confirmed the alleged data breach.
At the same time, security experts urge caution when assessing such claims. Cybercriminals frequently use the names of well-known companies and inflate the number of allegedly stolen records to attract buyers. In this case, the entire dataset is being offered for just $700, a surprisingly low price for a database of this claimed size.
This is not the first time Temu has been linked to alleged data leaks. In 2024, another listing on an underground marketplace claimed to contain 87 million Temu user records. At the time, the company said its investigation found no evidence that the data originated from its systems.