OnePlus announced that their online store was accessed by an unauthorised party and some customer data was exposed. While the company did not confirm what exactly was hacked, it seems like the hackers got into the OnePlus Store. In an official statement, OnePlus stated that some of the users’ order information was accessed. It confirmed that details such as passwords, payment information, and accounts are all safe. However, other information such as name, shipping address, phone number, and email address may have been exposed.
This isn’t the first time that this is happening. Back in January 2018, a security breach had exposed the credit card details of about 40,000 customers. With the latest break-in, OnePlus did not provide any numbers. Instead, it said that certain accounts were exposed. The company stated that the intruder was stopped and the security was beefed up. It also sent emails to affected users and is currently working with the authorities to investigate the breach.
It warned affected users that they may receive phishing emails and other spam. Only the users impacted by the breach were sent emails, so if someone didn’t get an email, then their information is safe. OnePlus hasn’t really mentioned what it’s going to do about the customer details that’ve been exposed. Receiving spam emails is not really the worst problem for the customer. Their personal information is still out there with someone, including phone numbers and home addresses. That’s nothing short of scary and OnePlus doesn’t really seem to be bothered about this.
In an FAQ, the company promised that to improve the security of its online store and website, it would be starting a bug bounty program. The program will start at the end of December and OnePlus will team up with a world-renowned security platform. It also stated that the website has been thoroughly inspected to make sure that no more security loopholes exist. As of now, the Chinese manufacturer isn’t giving out details such as how many accounts were exposed or why it took so long to issue a statement since the hack happened last week, and it only released the statement late this week