Temu fights back against massive data breach allegations—is it enough to rebuild trust?

Written by

Published 19 Sep 2024

Fact checked by

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

Free The word tiem is spelled out with scrabble tiles Stock Photo

Photo by Markus Winkler from Pexels

E-commerce giant Temu has firmly denied claims of a massive data breach, which allegedly compromised the personal information of 87 million users—a denial that came as the company grapples with a significant trust deficit among American consumers amidst its growing popularity.

On Tuesday, September 17, a threat actor, with the username ‘smokinthashit,’ posted an advertisement on BreachForums for a stolen database from Temu. It allegedly included sensitive information such as usernames, IP addresses, and hashed passwords. 

Temu refuted these claims in a statement to BleepingComputer saying, “Temu’s security team has conducted a comprehensive investigation into the alleged data breach and can confirm that the claims are categorically false; the data being circulated is not from our systems. Not a single line of data matches our transaction records.”

They then emphasized their commitment to data security, saying that they have complied with industry standards like PCI DSS and participated in the HackerOne bug bounty program. The company also mentioned its MASA certification and independent validations as part of its robust cybersecurity practices.

However, not while before the company’s swift denial, the incident went on to social media, inadvertently reaching its user base and reigniting discourse about data security and trust. 

A recent Omnisend survey found that only 6% of American consumers trust Temu, while 86% trust Amazon. This is despite the fact that 68% of consumers have shopped on Temu, mainly because of its substantial discounts and low prices.

This paradox of low trust but high usage outlines a critical challenge for Temu. While consumers are drawn to the platform’s affordability, lingering doubts about data security and business practices persist. 

Moreover, a report from Brox.ai emphasized the need for Temu to focus on transparency, data security, and ethical practices to build a more reliable brand image.

“Ensuring robust data security measures could help alleviate these concerns,” the Brox.ai report suggested. It also recommended that Temu work on being more transparent about its business practices and address any negative perceptions publicly.

Expert opinions, such as those from Akhil Mittal, a senior security consulting manager at Synopsys Software Integrity Group, pointed out the real challenge lies in managing customer perception.

“Whether the breach happened or not, the real challenge is managing the perception of insecurity that sticks with customers,” Mittal said. “Once customers hear about a possible breach, they start to worry. They may question if their data is safe, change passwords, or even consider leaving the platform for a competitor.” 

While the hacker remains adamant about the breach, their claims have since been discredited, with BleepingComputer revealing that the threat actor was banned from BreachForums for misrepresenting and attempting to sell publicly available data from a different breach. This development further supports Temu’s stance that the alleged breach was just a fabrication.