Currently any company is exposed to computer security incidents. This time, web application security experts report that OnePlus, a smartphone manufacturer based in China, has suffered a data breach that led to the exposure of some personal details of its customers.
Through a statement, the company mentioned that “an unauthorized actor accessed the information of recent orders from some customers”. The message specifies that these records include data such as:
OnePlus also states that users’ payment card data was not exposed during this incident, and all affected users will be notified during this week.
Web application security experts claim that the data breach was reported last week, notifying the company in a timely manner. Moreover, OnePlus mentions that continuous monitoring has been carried out on its website and internal networks to determine that the incident has ended. Experts consider that, implicitly, OnePlus mentions in its statement that the attackers accessed this information through its website.
In its message, the company also states that, immediately after detecting the incident, appropriate security measures were taken to stop the intrusion and ensure that similar vulnerabilities did not exist; however, other details, such as the number of customers affected, are still unknown. In this regard, OnePlus only republished the same message, adding that the investigation is still ongoing. It is also not known why the company took nearly ten days to disclose the incident.
The FAQ section of the OnePlus website mentions that the biggest risk to affected users is receiving a hackers personal information oneplus customers
