OnePlus's security team has just announced that some of its customer information had been accessed by an unauthorized party. Name, phone, email, and shipping address data for some customers was exposed, and impacted users have been informed by the company of the security breach via email.
OnePlus confirms that payment information and passwords were not included in the breach, and not all customers were affected.
Following the breach, OnePlus has hardened its internal security practices to ensure there aren't any other "similar vulnerabilities." It's also working together with undefined authorities regarding the incident, and plans to launch an official bug bounty program (previously revealed back in September) by the end of December.
The company warns those affected that they may be targeted for phishing attacks as a result of the breach, and to exercise caution against such targeted attacks in the future. Concerned customers can contact OnePlus support for more information.
This isn't the first time OnePlus has had a security breach. Earlier this year, email addresses were leaked from its "Shot on OnePlus" promotion, and the company previously suffered a hack regarding credit card payment information that went undisclosed for two months, just after the company's analytics were discovered to include some excess identifying information. In short, it's not unfamiliar territory for the company, even if it's disappointing for customers to see these sorts of security problems continue.
We reached out to OnePlus for more information (if only recent orders were affected and the number of customers included in the breach), and we were provided with the following statement which repeats most of the same details in the original announcement:
OnePlus has notified impacted users that we have discovered that some of their order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but certain users' name, contact number, email and shipping address may have been exposed.
We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.
We are deeply sorry about this, and are committed to doing everything in our power to prevent further such incidents.