OnePlus says it has discovered that some of the company's users' order information was accessed by an unauthorized party.
The smartphone maker confirmed that all payment information, passwords and accounts are safe, but certain users' name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.
The company says the breach was discovered last week, and that it has “inspected our website thoroughly to ensure that there are no similar security flaws.” That suggests the breach happened through the OnePlus website, perhaps the online store, rather than its phones.
OnePlus took steps to stop the intruder and reinforce security. Before making this public, the company informed the impacted users by email. Right now, OnePlus is working with the relevant authorities to further investigate this incident.
In January 2018, OnePlus said that up to 40,000 customers had been affected by another security breach that caused customers’ credit card information to be stolen.
OnePlus did say in its FAQ that, as part of its efforts to upgrade its security program, it will be partnering with a “world-renowned security platform next month” and will launch a bug bounty program by the end of December.