The security team at OnePlus confirmed a data breach that exposed sensitive details from certain customers’ orders, including their contact numbers, names and addresses.
According to the FAQ page on the OnePlus website, the data breach took place last week due to an existing vulnerability on its website. OnePlus stressed that hackers found this loophole and exploited it to obtain only the order details of certain customers, not confidential payment information or account passwords. OnePlus said, “While monitoring our systems, our security team discovered that some of our users’ order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but the name, contact number, email and shipping address in certain orders may have been exposed.”
OnePlus also clarified that not all users were affected by this data breach. The affected users have been sent a security notification via email that explains the possible cause of the breach and the remedial measures taken. It has asked the affected customers to stay extra vigilant, as the leaked information could be used for malicious activities like phishing, identity theft, spamming, etc.
As part of beefing up its security, OnePlus announced, “We are continually upgrading our security program — we are partnering with a world-renowned security platform next month and will launch an official bug bounty program by the end of December.”
This is not the first data breach incident at OnePlus. In January last year, OnePlus disclosed that up to 40,000 customers were affected by a data breach that forced the smartphone maker to shut down credit card payments on its online store.
It’s not just the vendor’s website that seems to be vulnerable, though. In May this year, OnePlus launched its OnePlus 7 series with a lot of fanfare. Days after the phone was launched, someone managed to hack the fingerprint scanner using a simple dummy gum fingerprint. This method is one of the oldest fingerprint hacking techniques and yet went unchecked by OnePlus.