Smartphone manufacturer OnePlus has been the victim of a data breach in which an unauthorized party gained access to customer’s order information. One Plus has released a statement revealing that customer names, contact numbers, emails, and shipping addresses might have been susceptible to theft.
However, they have revealed that customer’s payment information, passwords, and accounts are secure. The impacted users of the breach are likely to receive a plethora of spam emails and phishing attempts. OnePlus states that users are not required to take any action if their information is leaked, other than remaining vigilant and aware of the phishing attempts.
In their initial statement, OnePlus has taken immediate steps to stop the attacks and reinforce their cybersecurity, though they did not elaborate specifically on what new measures have been set in place or why it took a week to disclose the breach. Despite the lack of clarification, they have announced that they are planning to partner with a security platform to launch a bug bounty program, in which individuals would be recognized/compensated for reporting bugs and security flaws.
In a follow up statement, the global community manager David Y stated on Saturday that OnePlus’ first priority was “eradicating risks and informing affected users”. Indeed, users have reported receiving emails informing them of the breach. David Y goes on to say that OnePlus is working on making a comprehensive case review that will be the jumping off point for future improvement measures.
Users were quick to comment on the thread and point out that this is not the first time OnePlus has had security failures. In January 2018, OnePlus disclosed a 40,000 customer data breach, in which affected members had their card information stolen. That breach was the result of a malicious script that was injected into the payment page code. A similarly straightforward culprit for the current breach has yet to be revealed.