Chinese smartphone maker OnePlus announced a data breach leading to some of its customers' order information including names, contact numbers, emails, and shipping addresses being accessed by a third-party without authorization.
Bleeping Computer, By Sergiu Gatlan 
© Bleeping Computer | OnePlus Exposed Customer Order Information in Data Breach

However, OnePlus said that the affected users' payment information, passwords, and accounts haven't been exposed during the incident discovered last week per a FAQ published on the company's site.
"We took immediate steps to stop the intruder and reinforce security. Right now, we are working with the relevant authorities to further investigate this incident and protect your data," said Oneplus in a data breach notification email sent to its customers.
"We wanted to notify you of this so that you can be alert to people pretending to be OnePlus to get further information from you, or people asking you to buy products or services from them."
Before disclosing the data breach, OnePlus says that it informed the authorities and all impacted customers by email. At the moment, the company is working with the relevant authorities to investigate the breach incident.
OnePlus customers who haven't yet received an email notifying them of the data breach were told by the Chinese phone maker in a security incident notification published on the company's forum that their data is safe.
According to OnePlus, its users will never be asked to shared their passwords or financial info via email, and it alerts all affected customers that they might be targeted by phishing or spam campaigns as a result of this data breach.
"We've inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program - we are partnering with a world-renowned security platform next month and will launch an official bug bounty program by the end of December," OnePlus added.

The 2018 card breach incident

In January 2018, OnePlus experienced another data breach after attackers injected a malicious script on the company's online store that allowed them to harvest and steal the card details of roughly 40,000 customers.
"The malicious script operated intermittently, capturing and sending data directly from the user's browser," OnePlus said at the time. "It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures."
Yesterday, T-Mobile also announced a data breach that impacted an undisclosed number of customers using the company's prepaid services.
"Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account," T-Mobile said. "None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised."
"The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature," T-Mobile also added.
This article was originally published by Bleeping Computer.
Previous Post Next Post