OnePlus makes killer smartphones, but its security is often questionable. Last year, the company found a severe security issue that exposed credit card information, and now, another security issue in the OnePlus Store is causing the company to send out a “Security Notification.”
An email sent out today to recent OnePlus buyers informs them of a security issue. This “Security Notification” from OnePlus informs customers that an “unauthorized party” was able to access order information from the company’s online store.
OnePlus says that payment information as well as account details were not accessed, but names, addresses, emails, and phone numbers “may” have been exposed. The company says it will continue to investigate the matter, but obviously this is no small issue.
Speaking to Droid-Life, OnePlus says that they took “immediate steps to stop the intruder and reinforce security,” and that they are currently “working with the relevant authorities to further investigate this incident.” OnePlus didn’t explain what went wrong, but they are apparently working to start a bug bounty program by the end of this year.
This isn’t the first time the company’s store has fallen victim to a security issue like this. In early 2018, OnePlus customers found evidence of credit card fraud stemming from the Store that triggered OnePlus to shut down credit card payments temporarily. Just a day later, OnePlus’ investigation into the matter revealed that 40,000 credit card numbers had been exposed.
The full email being sent to customers is below, but for OnePlus’ sake, we hope this is the last security breach like this. OnePlus also has a thread on its forums with more details.
We are reaching out to you directly as we have discovered that part of your order information was accessed by an unauthorized party. We can confirm that your payment information, password, and account are safe, but your name, contact number, email, and shipping address may have been exposed.
We took immediate steps to stop the intruder and reinforce security. Right now, we are working with the relevant authorities to further investigate this incident and protect your data.
We wanted to notify you of this so that you can be alert to people pretending to be OnePlus to get further information from you, or people asking you to buy products or services from them. OnePlus will never ask you for your passwords, and any financial information should only be provided via a secure payment page on the OnePlus website or one of our partners if you are buying products from us.
We are deeply sorry about this, and are committed to doing everything in our power to prevent further such incidents. We will continue to investigate and update you as we learn more. In the meantime, please contact us with any questions or concerns at Customer Support.
FTC: We use income earning auto affiliate links.More.