Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Temu accused of monitoring users’ offsite activity with secret spyware in new class action

Chinese-operated online marketplace Temu is facing a potential class action lawsuit after it was alleged that the company was using malicious spyware to collect data from its users.

user icon Daniel Croft
Wed, 25 Oct 2023
Temu accused of monitoring users’ offsite activity with secret spyware in new class action
expand image

According to the class action, Temu violated US federal wiretap laws with its “clandestine tracking activities”, which saw the company profit from its illegal collection of customer data, which resulted in marketing that was more targeted to the consumer.

Allegedly, Temu was able to monitor the offsite activity of its customers by injecting JavaScript code for spyware in websites that users visit from the Temu website. Data collected in the process includes names, addresses, email addresses, phone numbers, biometric data, social security numbers and credit card and financial information, according to the class action.

Additionally, legal teams representing plaintiff Eric Hu have said that Temu failed to meet a standard of cyber security, putting customer data at risk of being stolen by threat actors. The company has been accused of cutting corners with its cyber security in an effort to lower expenses.

============
============

“[Temu] grossly failed to comply with security standards and allowed its customers’ financial information to be compromised, all in an effort to save money by cutting corners on security measures that could have prevented or mitigated the breach,” said Hu’s attorneys.

The class action also cites a recent NBC Chicago report that saw US non-profit The Better Business Bureau (BBB) say it had received over 900 complaints regarding unauthorised transactions and withdrawals appearing on the accounts of users who had made recent Temu purchases.

Temu’s developers have a history riddled with malware use. Another marketplace app owned by parent company PDD Holdings called Pinduoduo was removed from the Google Pay Store after it was discovered that the app featured spyware that targeted users and competitors.

Many of the developers behind Pinduoduo were shifted to work on Temu following this.

The class action isn’t the only legal trouble Temu is facing at the moment, with the app having launched a lawsuit against rival Chinese marketplace app Shein.

The lawsuit alleges that Shein worked to convince its suppliers not to work with Temu. Shein then filed a countersuit, which accused Temu of emulating it for marketing purposes in an effort to persuade users to download the app.

A congressional investigation is also underway into both Shein and Temu regarding their labour practices and the sourcing of their products.

US lawmakers have issued warnings saying that there is a high likelihood that the products sold on Temu and Shein may have been manufactured using forced Uyghur labour.

Adidas and Nike are also under investigation.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.