The biggest smartphone maker, OnePlus has suffered a new data breach exposing personal and order information of its customers likely, as a result of a vulnerability in its online store website.
The breach came to light after OnePlus started informing affected customers via email and published a brief FAQ page on the official forum to reveal information about the security incident.
OnePlus found the breach just last week after an unauthorized user accessed the database of order information of its customers including their names, contact numbers, emails, and shipping addresses.
OnePlus ensured that not all customers were affected and that the attackers were not able to access any passwords, payment information, and associated accounts.
OnePlus took immediate steps to stop the intrusion and informs impacted users via email. If you are an impacted user then you will be getting an email.
Though OnePlus did not provide any detail of the vulnerability that attackers exploited to compromise its online store website. OnePlus did inspect the server completely to ensure there aren't any other similar vulnerabilities.
Although the data breach does not involve your OnePlus account password, you are still recommended to change the password for your account.
OnePlus customers who were affected in this data breach should also be suspicious of spam and phishing emails, which are usually the next step of attackers in an attempt to trick users into giving away their passwords, credit card information and other sensitive information.
OnePlus also said that they are continuing to investigate and will update everyone as they learn more.
This isn't the first time OnePlus has announced a data breach. Last year in January 2018, OnePlus's online store website also was hacked by an unknown attacker to steal credit card information belonging to up to 40,000 OnePlus customers.
As a result of this breach, OnePlus has also finally decided to launch an official bug bounty program by the end of December 2019, allowing researchers and hackers to get paid for responsibly reporting server vulnerabilities before hackers could do any further damage.
If OnePlus has taken this decision after the first data breach, users might have been saved from identity theft.
I hope you find useful information in this article. If you have any questions then please mention in the comments section and I will get back to you and stay tuned with my blog to learn interesting things related to cybersecurity and hacking.