Chinese Smartphone Maker OnePlus Discloses Data Breach





Chinese smartphone manufacturer, OnePlus has announced a data breach where the order information including names, contact numbers, email addresses and shipping addresses of customers from its online store was exposed. However, customers' payment information, passwords, and accounts haven't been compromised in the incident. OnePlus ensured that the affected customers are being timely notified.

The company told in an FAQ that the breach took place last week and was discovered immediately. According to the officials, it was a certain vulnerability in their website which became the entry point of the attackers. However, no additional details were provided by OnePlus.

"We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident." the company said in the FAQ.

As a security measure to ensure there exists no similar security vulnerability, OnePlus thoroughly examined the
website. Furthermore, the company is making efforts to upgrade its security program which included partnering with a world-renowned security platform next month. The company told that it would be launching a bug bounty program by the end of this year.

In the OnePlus security ecosystem, this came as the second hit to the privacy of its users, the company witnessed a similar one last year in January wherein almost 40,000 were affected and users' credit card information was stolen. OnePlus's breach came after T-Mobile announced a similar data breach that impacted a small number of accounts using the company's prepaid offerings.

"Our Cybersecurity team discovered and shut down malicious unauthorized access to some information related to your T-Mobile prepaid wireless account," the company said. "None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised."

"The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature," the company further added.


from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2OAXorG

Comments