Cyber Security Center

OnePlus confirms data breach


Chinese Smartphone manufacturer OnePlus has disclosed a data breach that revealed personal information of its customers.

 

Screenshot (104)

Chinese smartphone manufacturer OnePlus has revealed that an unauthorized party has accessed users’ order information. According to a FAO posted by the smartphone manufacturer, the company’s security team discovered the breach while monitoring their systems last week. Information such as name, contact number, email and shipping addresses of some orders has been accessed by an unauthorized party. The company is quick to reassure that payment information, passwords and accounts are safe.

“We can confirm that your payment information, password and accounts are safe, but your name, contact number, email and shipping address may have been exposed,” an email about the breach sent to affected users states.

According to the company, immediate actions were taken to stop the intruder after the unauthorized access was noticed. Relevant authorities have been contacted, and OnePlus has informed the affected users. While the company has not revealed how exactly the breach happened, it is believed that a vulnerability in its website was at fault.

“We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.”

Affected users should have received an email about the incident by now, and OnePlus reassures that users who have not received a notification were not affected by the breach. OnePlus does not specify the number of users affected.

The company has warned that impacted users may receive spam and phishing emails. Because the unauthorized party gained access to some personal information, the phishing emails may appear more legitimate, so users need to be on their guard. One important thing to keep in mind is OnePlus will never ask for passwords or personal information via email or phone. And while OnePlus account passwords were not breached, it still is recommended to change them as a precaution.

To prevent similar incidents in the future, OnePlus has partnered with a world-renowned security platform, and will launch an official bug bounty program by the end of the year.

This is not the first time the company has suffered a security breach. In January 2018, hackers were able to inject a malicious script on the company’s online store, which allowed them to steal payment information of around 40,000 customers.