OnePlus Customers’ Personal Information Exposed in Latest Security Breach
While there's no denying that OnePlus makes excellent smartphone (and software,) their security is below par for a company of that caliber. Last year, the credit card details of around 40,000 OnePlus customers were stolen by an unknown hacker. Today, the OnePlus security team just posted a notice saying that customer information such as name, phone, email, and shipping address data for some customers was exposed via an unauthorized third-party. Interestingly, the company didn't state how many users were affected by the breach.
OnePlus says that the vulnerability has since been fixed. Payment information and passwords still secure.
Unlike last year's gaffe, OnePlus confirms that payment information and passwords were not exposed. Additionally, OnePlus states that not all customers have been affected. The ones who have been should receive an email intimating them about the same. The company requests all affected users to beware of spam and phishing emails. If you've received such an email, feel free to contact OnePlus support for more assistance, though we're not sure what that will accomplish.
OnePlus further adds that it has hardened its internal security practices to ensure that this doesn't happen again. It's also working together with authorities to get to determine who was responsible for the breach. The company may also announce a bug bounty program by the end of December to ensure that all further vulnerabilities are fixed before a malicious actor can take advantage of them.
Despite their best efforts, no company is free from data breaches (with the notable exception of Google.) At this point, they've become fairly commonplace and we get to hear about one more often than we should. But, a company's website getting hacked multiple times is downright unacceptable.
After their infamous credit card information leak last year, OnePlus should have doubled down on their security practices. Bug bounty programs are often the best way to go and the company needed to have several in place yesterday.