OnePlus sent a security notification, in which they said that a third party gained access to customers’ order information. This security breach comes after the one they had in 2018 where 40,000 customers were affected.
Fortunately, payment information, passwords, and accounts weren’t accessed but names, contact numbers and shipping addresses “may have been exposed”. OnePlus said that they took immediate steps to stop these intruders and to reinforce their security. They are also working with authorities to investigate this matter.
Last week while monitoring our systems, our security team discovered that some of our users’ order information was accessed by an unauthorized party. We can confirm that all payment information, passwords, and accounts are safe, but the name, contact number, email, and shipping address in certain orders may have been exposed.
What information was exposed?
The name, contact number, email, and shipping address within certain orders may have been exposed.
What are the consequences?
Impacted users may receive spam and phishing emails as a result of this incident.
What have you done in response?
We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.
How do I know if my information was involved?
We understand that personal information is very important to our users, and all impacted users were notified via email. If you don’t get an email from us today, rest assured that your order information is safe. However, if you have further concerns, please contact us at Customer Support for assistance.
What will you do to improve information security?
We’ve inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program – we are partnering with a world-renowned security platform next month and will launch an official bug bounty program by the end of December.