Chinese smartphone vendor OnePlus discloses a new data breach

Chinese smartphone vendor OnePlus has suffered a new data breach, according to a company’s notice hackers accessed customers’ order information.

OnePlus disclosed a data breach, an “unauthorized party” accessed some customers’ order information, including names, contact numbers, emails, and shipping addresses.

“We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorized party.” reads the statement published by the company. “We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.”

The company said that it took immediate measures to lock out the attackers and reinforce security. OnePlus notifies impacted users by email and reported the incident to the relevant authorities, an investigation is still ongoing.

OnePlus discovered the breach last week while monitoring its systems.

“Last week while monitoring our systems, our security team discovered that some of our users’ order information was accessed by an unauthorized party,” the company said. ” We can confirm that all payment information, passwords and accounts are safe, but the name, contact number, email and shipping address in certain orders may have been exposed.”

OnePlus pointed out that not all customers were affected and that the attackers were not able to access financial information and, passwords, and associated accounts.

At the time of writing the company did not reveal details of the attack and the vulnerability exploited by the attackers.

The good news is that the company decided to launch an official bug bounty program by the end of December 2019.

“We’ve inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program – we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December. ” concludes the company’s statement.

Anyway, let me suggest to change your OnePlus account password and to remain vigilant on suspicious and unsolicited emails that could attempt to trick you into revealing your credit card data or other sensitive data.

Early 2018, OnePlus disclosed another security breach that affected its online payment system. At the time, hackers stole credit card information belonging to up to 40,000 customers.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – OnePlus, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.