Incidents

Hackers leak personal information from OnePlus customers

Currently any company is exposed to computer security incidents. This time, web application security experts report that OnePlus, a smartphone manufacturer based in China, has suffered a data breach that led to the exposure of some personal details of its customers.

Through a statement, the company mentioned that
“an unauthorized actor accessed the information of recent orders from some
customers”. The message specifies that these records include data such as:

  • Full
    names
  • Contact
    phone number
  • Shipping
    address
  • Email
    address

OnePlus also states that users’ payment card
data was not exposed during this incident, and all affected users will be
notified during this week.

Web application security experts claim that the
data breach was reported last week, notifying the company in a timely manner.
Moreover, OnePlus mentions that continuous monitoring has been carried out on
its website and internal networks to determine that the incident has ended.
Experts consider that, implicitly, OnePlus mentions in its statement that the
attackers accessed this information through its website.

In its message, the company also states that,
immediately after detecting the incident, appropriate security measures were
taken to stop the intrusion and ensure that similar vulnerabilities did not
exist; however, other details, such as the number of customers affected, are
still unknown. In this regard, OnePlus only republished the same message,
adding that the investigation is still ongoing. It is also not known why the
company took nearly ten days to disclose the incident.

The FAQ section of the OnePlus website mentions
that the biggest risk to affected users is receiving a phishing
email or advertising spam. However, web application security experts believe
that, due to the large amount of personal details exposed, affected users face
much more complex risk scenarios, such as identity theft, spear phishing, fraud
telephone, among others.

This is not the first time OnePlus has revealed
a computer security incident. In early 2018, the Chinese company revealed that
a security breach in its internal networks led to the exposure of data from up
to 40,000 customers, including payment card details.

On that occasion, the company assured users and
authorities that they would update their security policies and practices for a
period of no more than one month, as well as announcing the creation of a
rewards program, albeit according to web application security experts from the
International Institute of Cyber Security (IICS) has not made any major changes
in the protection of its users’ data.

To Top

Pin It on Pinterest

Share This