diff --git a/src/wp-includes/user-functions.php b/src/wp-includes/user-functions.php
index 48c7791939..36c245d7ae 100644
--- a/src/wp-includes/user-functions.php
+++ b/src/wp-includes/user-functions.php
@@ -1275,11 +1275,17 @@ function wp_insert_user( $userdata ) {
 } elseif ( $userdata instanceof WP_User ) {
 $userdata = $userdata->to_array();
 }
+
 // Are we updating or creating?
 if ( ! empty( $userdata['ID'] ) ) {
 $ID = (int) $userdata['ID'];
 $update = true;
- $old_user_data = WP_User::get_data_by( 'id', $ID );
+ $old_user_data = get_userdata( $ID );
+
+ if ( ! $old_user_data ) {
+ return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) );
+ }
+
 // hashed in wp_update_user(), plaintext if called directly
 $user_pass = $userdata['user_pass'];
 } else {
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index 5f9771f6fa..c70aa970a0 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -819,6 +819,20 @@ class Tests_User extends WP_UnitTestCase {
 $this->assertSame( $expected, $user->user_nicename );
 }
+ /**
+ * @ticket 28004
+ */
+ public function test_wp_insert_user_with_invalid_user_id() {
+ $u = wp_insert_user( array(
+ 'ID' => 123,
+ 'user_login' => 'whatever',
+ 'user_email' => 'whatever@example.com',
+ 'user_pass' => 'password',
+ ) );
+
+ $this->assertWPError( $u );
+ }
+
 function test_changing_email_invalidates_password_reset_key() {
 global $wpdb;
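Review bot: The `if ( ! $old_user_data )` guard has no comment saying why the update path must stop when the lookup fails, and the new `invalid_user_id` error is not documented anywhere in the hunk. A line above the check such as `// Bail if the ID does not belong to an existing user, so an update never writes data for a user that is not there.` would record the intent. The switch from `WP_User::get_data_by()` to `get_userdata()` also turns `$old_user_data` from a raw row object into a `WP_User`, so later reads of it should be confirmed to behave the same with that type. Those reads, and the function's docblock where the new error code belongs in the `@return` description, lie outside this hunk.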
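Review bot: `test_wp_insert_user_with_invalid_user_id()` only asserts that some `WP_Error` came back, so it would still pass if `wp_insert_user()` rejected the call for an unrelated reason such as the login or e-mail value. Pinning the code makes the test prove the new branch: `$this->assertSame( 'invalid_user_id', $u->get_error_code() );`. The hard-coded `'ID' => 123` also assumes that no fixture user holds that ID; an ID known to be absent would keep the test from depending on how many users the suite has created. A second case with a non-numeric `ID` would cover the `(int)` cast that feeds the lookup.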