Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.
This comes less than two years after up to 40,000 customers’ private information was stolen from OnePlus, leading to credit card fraud using customers’ details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.
It’s not clear what the cause of this latest breach was. The company has only said that “our security team discovered that some of our users’ order information was accessed by an unauthorized party.” It has also notably failed to disclose how many customers could be affected.
OnePlus says it has informed all customers affected by the breach via email, but that no additional action is required on their part. The company does warn, however, that they “may receive spam and phishing emails as a result of this incident.” If you are a OnePlus customer but have not received an email, the company says that your information is safe. It’s still a good idea to go and update your password though, just in case.
To prevent similar breaches happening in the future, OnePlus says it is making a security check of its systems. “We’ve inspected our website thoroughly to ensure that there are no similar security flaws,” a OnePlus staff member wrote on the company’s forums. “We are continually upgrading our security program — we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.”
This will be a frustration for users, however, with this breach coming so close on the heels of the last one. Many customers on the forums expressed annoyance that this was happening again, with their data being vulnerable due to poor security. Additionally, the announcement that the company is waiting until next month to update its security practices raised some eyebrows. Given the possible severity of the breach, many customers expected more immediate action.
Editors' Recommendations
- Spellcheckers in Google Chrome could expose your passwords
- More than 80% of websites you visit are stealing your data
- A data breach can cost millions of dollars — and you might be paying it
- Personal data of 69 million Neopets users is now up for sale after a data breach
- Use Office? Your PC could be at risk due to this Microsoft change
