OnePlus reveals third-party accessed users’ data

OnePlus reveals third-party accessed users’ data

If an email hasn't landed in your inbox, you can assume your account details haven't been exposed - but as always, it's better to be safe than sorry.

Almost two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. The brand hasn't revealed the number of customers that were affected by the security breach. Incidentally, this isn't the first time OnePlus has been the victim of a successful data breach. Back at the start of 2018, there was another security incident involving the company's online payment portal.

"That's how every company should handle data breaches".

This is Ziv, from the Security team.

The Chinese company said that the order information of some customers was accessed by an "unauthorised party".

However, OnePlus said that the affected users' payment information, passwords, and accounts haven't been exposed during the incident. All those customers who are affected by the breach may receive spam and phishing emails as a result of the incident, the company added. Apparently, OnePlus was able to prevent an intruder from causing more damage and reinforce security.

Before disclosing the data breach, OnePlus says that it informed the authorities and all impacted customers by email. It's good to see companies own up and take full responsibility of such incidents. Based on the choice of words, it appears OnePlus website's backend database was intentionally hacked to gain access to customer data. However, according to some ethical hackers, this breach could be worse, as the leaked data, like your name and address can't be easily changed, which means criminals can utilize this data to create phishing emails that seem legit. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit", wrote the company at the time.

If you are a OnePlus user, then here's some bad news for you.

Although the breach does not involve your OnePlus account password, you are still recommended to change the password for your account.

"We are continually upgrading our security program".

The customers' order information included access to customers' names, contact numbers, emails, and shipping addresses. What can I do now?

Related Articles