OnePlus was affected by a new data breach that exposed the personal and order information of its online customers, likely, due to a vulnerability in its online store website.
OnePlus notified its affected customers through email and published a brief FAQ page to disclose information about the security breach.
The company stated that they came to know about the breach just last week after an unauthorized party accessed order information of its customers, including their names, contact numbers, emails, and shipping addresses.
OnePlus assured that all customers were not affected and that the attackers were not able to access any payment information, passwords, and associated accounts.
However, the impacted users may receive spam and phishing emails due to this incident.
The company did not provide any detail of the vulnerability which the attackers exploited to compromise its store. They inspected the server thoroughly to ensure there are no similar vulnerabilities present.
At present they are working with the relevant authorities to further investigate this incident.
As a result of this breach, the company has decided to introduce an official bug bounty program by the end of this year. So, the researchers and hackers will be paid for responsibly reporting severe vulnerabilities before hackers could do any further damage.
Even though the breach does not compromise the OnePlus account password, the users are recommended to change the account password.
The impacted users must also be cautious of the phishing mails as it is the usual step of the attackers in an attempt to trick users into giving away their passwords and credit card information.
OnePlus has also reported a data breach earlier in January 2018, when the company’s website was hacked by an unknown attacker to steal credit card information belonging to up to 40,000 OnePlus customers.