Late on Friday, OnePlus revealed that its systems were breached by an unauthorized third party individual or individuals and that a whole bunch of user information was exposed. Notifications began arriving in user inboxes shortly thereafter, and while OnePlus insists that no payment information was snooped by the bad actors, the breach appears to be part of a troubling trend.
Back in early 2018, OnePlus revealed that a data breach exposed the credit card details of some 40,000 of its customers. That breach happened in November of the previous year and included credit card numbers, security codes, and expiration dates. This latest breach appears to be somewhat less serious, but it’s nonetheless annoying for OnePlus users.
In a bulletin posted by the OnePlus security team, the details of the breach are laid out:
We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.
We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.
The biggest issue here is, of course, the contact information. The phone number, email address, and physical shipping address of affected accounts are now out in the wild, along with the name associated with those accounts. As OnePlus correctly asserts, this will likely lead to an influx of spam and scam attempts against these individuals in the coming weeks and months.
OnePlus says it has corrected the security flaw that led to the breach and that it has examined all areas of its public-facing websites to ensure there are no additional vulnerabilities. It says it is still investigating the incident with the help of “the relevant authorities.”
OnePlus has had a busy year, releasing a total of four phones in 2019 including the OnePlus 7T Pro which debuted just last month. Data breaches seem to happen to just about every company, but two large-scale incidents in the span of two years is a serious concern for the company and its users.