OnePlus, the popular Chinese smartphone maker, in a recent blog post announced that its security team has discovered a data breach on its website that allowed “unauthorized party” to access some customers’ order information.
The customers’ order information included access to customers’ names, contact numbers, emails, and shipping addresses. However, the hackers were unable to gain access to any payment information, passwords and accounts, the company stated.
“We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed,” Ziv, Staff Member, Security Team, OnePlus, wrote in the company forum dated November 22.
Before disclosing the data breach to the public, OnePlus says that it informed the authorities and all impacted customers via email. However, those who haven’t yet received an email notifying them of the data breach means that their order information is safe.
“We took immediate steps to stop the intruder and reinforce security. Right now, we are working with the relevant authorities to further investigate this incident and protect your data,” said OnePlus in a data breach notification email sent to its customers.
According to OnePlus, the company never asks its users to share their passwords or financial info via email. All those customers who are affected by the breach may receive spam and phishing emails as a result of the incident, the company added.
“We wanted to notify you of this so that you can be alert to people pretending to be OnePlus to get further information from you, or people asking you to buy products or services from them.”
The company did not disclose how many users were affected by the data breach nor when did the breach take place.
In order to improve information security, the company will be partnering with a world-renowned security platform next month to launch its own official bug bounty program by the end of this year.
“We’ve inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program – we are partnering with a world-renowned security platform next month and will launch an official bug bounty program by the end of December,” OnePlus added.
This is not the first time that OnePlus has been hit by a data breach. In January 2018, the company had confirmed that up to 40,000 users of its online store were affected by a malicious script added to its payment code that caused customers’ credit card information to be stolen.