Security Experts:

Order Information of OnePlus Customers Exposed in Data Breach

Chinese smartphone manufacturer OnePlus revealed on Friday that some customers’ order information was accessed by hackers who breached its systems.

According to the company, its security team recently noticed unauthorized access to order information, including names, phone numbers, email addresses and shipping addresses. The incident does not appear to impact all orders, and OnePlus is confident that payment information and passwords have not been compromised.

The company is concerned that the attackers may use the information to send out spam and phishing emails, and it has advised customers not to trust messages instructing them to provide their password or financial information.

It’s unclear how many individuals are affected by the incident, but the firm has promised to share more updates in the upcoming days.

OnePlus has notified authorities and it has patched the vulnerability exploited in the attack. “We've inspected our website thoroughly to ensure that there are no similar security flaws,” it said.

The company plans on launching an official bug bounty program by the end of the year to help it uncover security holes before they are exploited for malicious purposes.

While some have commended OnePlus for quickly notifying customers and for its public disclosure, others are not happy, particularly since this is the second breach suffered by the company in recent years.

In January 2018, the company revealed that up to 40,000 of its customers may have had their payment card information stolen after hackers injected malicious code into its website’s payment page.

Related: DoorDash Breach Exposes Data of Nearly 5 Mn Users

Related: Hackers Accessed Information of T-Mobile Prepaid Customers

Related: Bed Bath & Beyond Blames Password Reuse for Hacked Accounts

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.