OnePlus Users Are At Grave Risk; Company Confirms Data Breach

Chinese smartphone maker OnePlus confirmed earlier today that it had suffered a data breach stating that an unauthorized party accessed customers’ order information. In a statement, the company discloses that some details about customers, including names, emails, shipping addresses, and contact numbers, have been exposed. OnePlus further says that it has started notifying customers earlier today, ensuring them that the payment information and passwords are safe.

The Chinese smartphone maker also states in an FAQ that it learned about the breach last week. Additionally, the team has already inspected the website thoroughly to make sure that no other security flaw is left unturned. This means that the breach took place on the OnePlus online store and not in OnePlus smartphones.

OnePlus says that it already made the immediate and necessary steps to stop the intruder, strengthen the security, and to ensure that all similar vulnerabilities are eliminated. Interestingly, the company did not explain why it took over a week to reveal the incident. Additionally, the company declines to answer questions like how many users were affected by the recent data breach.

OnePlus simply shares another statement similar to what it has recently posted online without any additional details about the breach. It is worth noting that this is not the first time that OnePlus suffered from a security breach. It can be recalled that in Jan. 2018, the Chinese smartphone maker revealed that up to 40,000 customers had been victims of a security breach that stole credit card details of its customers.

Last week while monitoring our systems, our security team discovered that some of our users' order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but the name, contact number, email and shipping address in certain orders may have been exposed.

We understand that personal information is very important to our users, and all impacted users were notified via email. If you don't get an email from us today, rest assured that your order information is safe. However, if you have further concerns, please contact us at Customer Support for assistance.

The Chinese smartphone maker says in its FAQ that one of its efforts to strengthen its security program is to partner with a world-renowned security platform in December. It also reveals that it will offer a bug bounty program before the year ends, similar to that of Google, Apple, and other tech giants.