OnePlus' website yet again breached, says affected users might receive spam emails

By Shubham Sharma | Published on Nov 23 2019
OnePlus' website yet again breached, says affected users might receive spam emails

Honor Band 5i

Here comes the hottest smart band in town! The USB-enabled HONORBand5i is now available on @Amazon.in. Run and get it now at Rs 1999 only.

Click here to know more

HIGHLIGHTS

OnePlus has disclosed a data breach that happened on its website.

Names, contact info, email and shipping address of users ‘may’ have been revealed.

OnePlus says affected users’ passwords and payment information wasn’t accessed.

In this day and age of connected systems and online transactions, cybersecurity is of paramount importance. Unfortunately, systems are designed by people and are prone to vulnerabilities and flaws. OnePlus has now disclosed a data breach incident, wherein it says some users' order information was “accessed by an unauthorized party.” This was disclosed in a blog post where OnePlus’ security team staff member Ziv C. posted the information. As per the company, breached information doesn’t include any payment information and passwords, and says that all the accounts are safe. However, names, contact info, email and shipping address ‘may’ have been revealed. 

As for the effects of this data breach, OnePlus says affected users could receive phishing emails or get spammed as a result. However, it has not disclosed how many users were actually affected. “We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident,” OnePlus writes in its blog post. The company has apologised and says it has inspected its website for similar flaws and has sent out emails to all affected users. The weird bit is that the company has not disclosed any further details like what vulnerability led to information disclosure. 

As mentioned earlier, this isn’t the first time OnePlus has suffered from a security incident. Back in January 2018, the smartphone manufacturer revealed that about 40,000 customers' credit card information was stolen from its website. This apparently happened due to a malicious script that was inserted on the company’s web pages. It is said to have read and sent sensitive financial data directly from a user’s browser. 

While the credit card information leak was a big blow to the company’s security, it again slipped up with user’s data. In June this year, the company’s Shot On OnePlus app was found to have a flaw that was leaking email IDs of thousands of OnePlus smartphone users. OnePlus was reportedly using an API to connect its server with the Shot on OnePlus app and the API was hosted on open.oneplus.net, which was said to be not secure. Anyone with an access token, which could be retrieved easily, could enter the server. You can read more about it here. 

logo
Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.