diff --git a/core/server/models/user.js b/core/server/models/user.js
index 02a46a0cbb..0b3fc50554 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@@ -873,9 +873,16 @@ User = ghostBookshelf.Model.extend({
 User.findOne({id: object.id}, {withRelated: ['roles']}));
 })
 .then(function then(results) {
- var adminRole = results[0],
- user = results[1],
- currentRoles = user.toJSON(options).roles;
+ const adminRole = results[0];
+ const user = results[1];
+
+ if (!user) {
+ return Promise.reject(new common.errors.NotFoundError({
+ message: common.i18n.t('errors.models.user.userNotFound')
+ }));
+ }
+
+ const currentRoles = user.toJSON(options).roles;
 if (!_.some(currentRoles, {id: adminRole.id})) {
 return Promise.reject(new common.errors.ValidationError({
diff --git a/core/test/integration/api/api_users_spec.js b/core/test/integration/api/api_users_spec.js
index 35dc327980..56303fadc3 100644
--- a/core/test/integration/api/api_users_spec.js
+++ b/core/test/integration/api/api_users_spec.js
@@ -1529,6 +1529,15 @@ describe('Users API', function () {
 }).catch(done);
 });
+ it('Owner can transfer ownership, but `id` does not exist', function () {
+ return UserAPI
+ .transferOwnership({owner: [{id: 'id'}]}, context.owner)
+ .then(Promise.reject)
+ .catch((err) => {
+ err.statusCode.should.eql(404);
+ });
+ });
+
+ it('Owner CANNOT downgrade own role', function (done) {
 // Cannot change own role to admin
 UserAPI.transferOwnership(
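Review bot: `adminRole.id` in the `_.some(currentRoles, {id: adminRole.id})` check at the end of this hunk is still dereferenced without a guard, so an empty `results[0]` would raise the same kind of unhandled TypeError that the new `if (!user)` check removes for `results[1]`. How the role is looked up is outside the hunk, so whether it can come back empty is not visible here; if it can, add a matching `if (!adminRole)` rejection with a role-specific message before `currentRoles` is read. A one-line comment above the new guard, such as `// findOne resolves without a model for an unknown id; reject as 404 instead of failing on user.toJSON()`, would record why the check exists. The `.then` callback continues past the end of the hunk.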
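Review bot: The `.then(Promise.reject)` line in the new test sends an unexpected success into the same `.catch` that checks the status code, so a regression would surface as a failure on `err.statusCode` rather than a clear "should have rejected" message. It also passes `Promise.reject` unbound, which only works if the `Promise` in scope tolerates that; the import is not visible in this hunk. Using the two-argument form keeps the two paths apart: `.then(() => { throw new Error('expected transferOwnership to reject'); }, (err) => { err.statusCode.should.eql(404); });`.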