
OnePlus discloses security leak in its invoicing system that could have exposed sensitive user data

By Digit NewsDesk | Published on 04 Jul 2020
HIGHLIGHTS
  • OnePlus found a vulnerability in one of its out-of-warranty repair invoicing systems, affecting a small set of users in the US.

  • Data of users who wanted to repair their OnePlus device that had gone out of warranty was left exposed.

  • OnePlus claims the leakage has not been exploited by anybody malicious.


While the company gears up to launch the OnePlus Nord, a security vulnerability has been found that could have led to leaking user data. Thankfully, the vulnerability involves only a small set of users, and OnePlus claims the leakage has not been exploited by anybody malicious.

First reported by Android Police, the vulnerability was found in one of OnePlus’ out-of-warranty repair invoicing systems, affecting a small set of users in the US. The invoicing system was run by a third party. The publication notified OnePlus and worked with the company to iron out the issue.

Had the vulnerability been exploited, an attacker would have been able to see the data of users who wanted to repair a OnePlus device that had gone out of warranty, and hence had to pay for it. Via the invoice, someone could have had access to data like phone number, model number, IMEI, order date, name, address, email address and the repair cost. OnePlus maintained that credit card details were never exposed.

After fixing the leak, OnePlus gave out a detailed statement to Android Police, which read:

“On July 2, a vulnerability was fixed on the website of our U.S. repair service provider. OnePlus customers in the U.S. who were required to pay for out-of-warranty repairs or those who chose to use our recently launched warranty exchange program were sent a unique third-party link to process their payment. From the time the payment link was generated and emailed to the customer, until the time the payment information was submitted, that customer's name, shipping address, email address, device model and IMEI were visible at the link. As soon as a user's payment information was submitted, the link immediately became inactive. To further secure this process, an additional verification step will be required starting early next week.

After thorough investigation together with our vendor, we have found no evidence of any purposeful attempts to access these URLs.

In addition, no credit card details or payment information of any kind was ever accessible.

User privacy is a top priority for OnePlus, and we apologize for any concerns that this might cause. We have made significant security enhancements on our own platforms in recent years and are diligently working to further improve. We are also already improving our internal processes to more quickly respond to external vulnerabilities, and will more closely engage our third-party vendors to better ensure security on their platforms.”

It’s worth mentioning that the vulnerability affects only a small set of users and was quickly fixed by OnePlus, which claims the data didn’t fall into the wrong hands during the time it was left exposed. OnePlus was also embroiled in a data leak controversy in 2018 and 2019, which actually saw user data being accessed by malicious third parties. For now, OnePlus has introduced a new verification step in the invoicing process and scrubbed all identity details from invoices.
