- OnePlus had suffered a data breach last year as well
- OnePlus says it will work with a security company to safeguard data
- It is also launching a bug bounty programme
In yet another data breach, Chinese handset maker OnePlus’s online store has been hit by hackers where an “unauthorised party” accessed some customers’ personal information. The company informed its users on Friday that all payment information, passwords and accounts are safe but the name, contact number, email, and shipping address in certain orders may have been exposed. OnePlus, however, did not disclose how many users in which parts of the world were affected by the data breach on its website.
“We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorised party,” Ziv C, Staff Member, Security Team, OnePlus, wrote in the company forum.
OnePlus suffered a similar security breach in January last year when hackers gained access to the data of nearly 40,000 users.
According to the smartphone player, the hacker’s entry point this time was a loophole in its website, but did not provide any additional details.
Users who were hit by the breach may receive spam and phishing emails as a result of this incident.
“Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident,” added Ziv.
The breach happened last week, according to OnePlus’ FAQ page.
“We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident,’ said the company.
The company said it has notified all impacted users via email.
“If you don’t get an email from us, rest assured that your order information is safe. However, if you have further concerns, please contact us at Customer Support for assistance,” said OnePlus.
The company said it is partnering with a world-renowned security platform next month and will launch an official bug bounty programme by the end of December.