Temu does not offer any authentication technology beyond username and password.
“At this point, you need to make a choice about whether or not you want to use Temu. Do you use it with the awareness that, should there be a breach, there is no second factor to prevent access? Or do you stop using Temu until it remedies this problem?,” writes the author of the ZDNET* article. Temu is an online marketplace based in Boston, Massachusetts and operated by the Irish-based Chinese e-commerce company PDD Holdings. With heavy advertising, it offers heavily discounted goods which are mostly shipped to consumers directly from manufacturers in China.
Single layer security may have been good enough to defend against the attacks from a decade ago but these days it can be very dangerous to only rely on a password. People still tend to use a small number of passwords that are familiar to them and sometimes heavily overuse them. This means that credential stuffing can be applied where cybercriminals use usernames and passwords which have been stolen from previous breaches on other sites and hope to get lucky.
Such attempts can often have successful hit rates and therefore gain entry to personal or even financial information held on sites with only a password as the defence layer. With security in mind, it is important to try and only have accounts with sites that offer two factor authentication and make sure it is turned on – especially for sites that request users to store their details on their servers.
by Jake Moore, ESET
ESET Ireland 