Security Experts:

Connect with us

Hi, what are you looking for?



Order Information of OnePlus Customers Exposed in Data Breach

Chinese smartphone manufacturer OnePlus revealed on Friday that some customers’ order information was accessed by hackers who breached its systems.

Chinese smartphone manufacturer OnePlus revealed on Friday that some customers’ order information was accessed by hackers who breached its systems.

According to the company, its security team recently noticed unauthorized access to order information, including names, phone numbers, email addresses and shipping addresses. The incident does not appear to impact all orders, and OnePlus is confident that payment information and passwords have not been compromised.

The company is concerned that the attackers may use the information to send out spam and phishing emails, and it has advised customers not to trust messages instructing them to provide their password or financial information.

It’s unclear how many individuals are affected by the incident, but the firm has promised to share more updates in the upcoming days.

OnePlus has notified authorities and it has patched the vulnerability exploited in the attack. “We’ve inspected our website thoroughly to ensure that there are no similar security flaws,” it said.

The company plans on launching an official bug bounty program by the end of the year to help it uncover security holes before they are exploited for malicious purposes.

While some have commended OnePlus for quickly notifying customers and for its public disclosure, others are not happy, particularly since this is the second breach suffered by the company in recent years.

In January 2018, the company revealed that up to 40,000 of its customers may have had their payment card information stolen after hackers injected malicious code into its website’s payment page.

Related: DoorDash Breach Exposes Data of Nearly 5 Mn Users

Related: Hackers Accessed Information of T-Mobile Prepaid Customers

Related: Bed Bath & Beyond Blames Password Reuse for Hacked Accounts

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.