OnePlus, the company that became a powerful entity known as the ‘flagship Killer’, suffered yet another data breach earlier this week. The maker of OnePlus smartphones has offered some seemingly reassuring but vague confirmation about the intentional and external security breach. According to the company’s own admission, customer data including name, contact number, email, and shipping address was accessed. OnePlus categorically added that sensitive login and payment information hasn’t been compromised.
The internal data protection team of OnePlus announced on its official blog that customer information was “accessed by an unauthorized party”. The blog post added that the exposed information includes name, contact number, email, and shipping address of customers. OnePlus also mentioned that customers whose data was exposed, are being informed through emails. Incidentally, this isn’t the first time OnePlus has been the victim of a successful data breach.
OnePlus Data Breach Of Unknown Proportions Exposes Buyer Data:
OnePlus merely confirmed that it suffered a data breach exposing sensitive details including customers’ contact numbers, names, and addresses. It added that the customers’ order database was attacked by an as-yet-unknown hacker. The company categorically claims that payment information, passwords, and accounts “are safe.”
An FAQ in the comments section of the blogpost states that OnePlus found some users’ order information was “accessed by a third party” while monitoring its systems. OnePlus’ statement reads: “We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.”
— Jonathan Maldonado (@Onix007) November 23, 2019
It is apparent that the security of OnePlus smartphones wasn’t breached. Based on the choice of words, it appears OnePlus website’s backend database was intentionally hacked to gain access to customer data.
Numerous companies that operate an online marketplace or facilitate communication between service providers and buyers, routinely field such attempts. The primary intention behind this attack is scraping valuable information. Such information has a lot of value on the Dark Web, where buyers use the same to launch phishing attacks and SPAM campaigns. Interestingly, OnePlus itself is aware of the nature and intention of the attack and has cautioned users that they might receive spam and phishing emails as a result of the incident.
What Should OnePlus Customers Do After Data Breach:
OnePlus customers are being informed of the breach via email, which started to hit people’s inboxes. If a OnePlus customer hasn’t received a notification yet, OnePlus says they have not been affected. In the email sent out to the impacted users, OnePlus states that it is working with authorities to investigate the incident and will update customers once more information becomes available. Concerned users can contact Customer Support for more information. Although this might sound reassuring, it is actually quite concerning.
I've bought two phones directly from the @oneplus website and both times received the SAME bullshit notification after, informing me that my data has been "accessed."
I think it's safe to assume these fools are just selling your personal info and calling it a security incident pic.twitter.com/VjtCM8kA0a
— Chuck ₿ (@cbar_tx) November 22, 2019
OnePlus hasn’t openly confirmed the number of affected customers. In other words, there’s currently no way of knowing just how big the data breach at OnePlus was. In January 2018 criminals stole credit card information from 40,000 OnePlus customers. What’s quite concerning is that the news reportedly surfaced after several OnePlus customers reported suspicious activity on their accounts after conducting transactions on the OnePlus website.
It is a logical step to setup credit monitoring to check for possible fraud attempts. Also changing passwords too is strongly recommended. With Black Friday and Cyber Monday approaching quickly, the volume of sales and purchases is expected to surge, and hence it is critical to protect sensitive information.