OnePlus has had a data breach: the company says that an "unauthorized party" has had access to the order information of some customers. In a statement, OnePlus says that some customer names, contact numbers, emails, and shipping addresses may be exposed, but also that & # 39; all payment information, passwords, and accounts are secure & # 39 ;. The company started notifying affected customers today.
In a frequently asked questions, the company says that the breach was discovered last week and that it "thoroughly inspected our website to make sure there are no comparable security errors." That suggests that the infringement took place via the OnePlus website, perhaps the online store, rather than through the phones.
The company said it "took immediate steps to stop the intruder and strengthen security" and ensure that there were no similar vulnerabilities, but it did not explain why it took more than a week to reveal the incident (or why it waited to do this until Friday before a major American holiday). The company apparently does not answer any questions: when we asked how many customers might have been affected, OnePlus simply shared a statement similar to the one who posted it online without additional information.
Despite the idea that your name, telephone number, and personal address may have all been exposed, the OnePlus FAQ claims that the worst thing that can happen is this:
What are the consequences?
Concerned users can receive spam and phishing emails as a result of this incident.
This is not the first security incident from OnePlus – in January 2018, the company said that up to 40,000 customers were affected by a vulnerability that stole customer credit card information.
OnePlus said in its FAQ that, as part of its efforts to upgrade its security program, it will work with a "world-renowned security platform next month" and launch a bug bounty program at the end of December. Maybe it should have done that after the first infringement.