Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.
This comes less than two years after up to 40,000 customers’ private information was stolen from OnePlus, leading to credit card fraud using customers’ details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.
It’s not clear what the cause of this latest breach was. The company has only said that “our security team discovered that some of our users’ order information was accessed by an unauthorized party.” It has also notably failed to disclose how many customers could be affected.
OnePlus says it has informed all customers affected by the breach via email, but that no additional action is required on their part. The company does warn, however, that they “may receive spam and phishing emails as a result of this incident.” If you are a OnePlus customer but have not received an email, the company says that your information is safe. It’s still a good idea to go and update your password though, just in case.
To prevent similar breaches happening in the future, OnePlus says it is making a security check of its systems. “We’ve inspected our website thoroughly to ensure that there are no similar security flaws,” a OnePlus staff member wrote on the company’s forums. “We are continually upgrading our security program — we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.”
This will be a frustration for users, however, with this breach coming so close on the heels of the last one. Many customers on the forums expressed annoyance that this was happening again, with their data being vulnerable due to poor security. Additionally, the announcement that the company is waiting until next month to update its security practices raised some eyebrows. Given the possible severity of the breach, many customers expected more immediate action.
- After latest hack, experts say smart home security systems stink at securing data
- Macy’s confirms hackers stole customer data from its website
- Wyze customers hit by online data leak, company confirms
- Ring’s defense of recent hacks is as shoddy as its security, lawyer claims
- Microsoft will release a fix for major Windows vulnerability found by the NSA