OnePlus Suffers New Data Breach Impacting Its Online Store Customers

The OnePlus maker has suffered from a new problem of data breach exposing and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website.

OnePlus Suffers New Data Breach Impacting Its Online Store Customers

The OnePlus maker has suffered from a new problem of data breach exposing and order information of an undisclosed number of its customer, likely, as a result of a vulnerability in its online store website.

When OnePlus started informing affected customers via email and published a brief FAQ page to disclose information about the security incident then breach came to light.

According to OnePlus, when the unauthorized party accessed order information of its customers, including their names, contact numbers, emails, and shipping addresses, the company discovered that breach.

"Last week while monitoring our systems, our security team discovered that some of our users' order information was accessed by an unauthorized party," the company said.

OnePlus also assured that not all customers were affected and that the attackers were not able to access any payment information, passwords, and associated accounts.

"Impacted users may receive spam and phishing emails as a result of this incident."

Though the company did not provide any detail of the vulnerability that attackers exploited to compromise its store, it did inspect the server thoroughly to ensure there aren't any other similar vulnerabilities.



"We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities," OnePlus said. "Right now, we are working with the relevant authorities to further investigate this incident."

As a result of this breach, the company has also finally decided to launch an official bug bounty program by the end of December 2019, allowing researchers and hackers to get paid for responsibly reporting severe vulnerabilities before hackers could do any further damage.

"We are continually upgrading our security program - we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December," the company said.

Although the breach does not involve your OnePlus account password, you are still recommended to change the password for your account.

Affected OnePlus customers should also be suspicious of phishing emails, which are usually the next step of cybercriminals in an attempt to trick users into giving away their passwords and credit card information.

This isn't the first time OnePlus has reported a data breach.