Chinese phonemaker OnePlus alerts customers to data breach

Written by

Chinese smartphone manufacturer OnePlus has confirmed it experienced a data breach involving some users’ names, contact numbers as well as their email and shipping addresses.

In a post Friday on OnePlus’ community forum, a company representative said the security team determined “an unauthorized party” accessed data “within certain orders.” OnePlus did not disclose the number of customers affected, when the incident occurred, nor how the outsiders infiltrated its systems. Payment data, passwords and accounts are unaffected by the breach, the company said.

Word of the OnePlus breach came one day after T-Mobile announced its own security incident. T-Mobile said information associated with customers’ prepaid service accounts was affected, including phone numbers, account numbers, rate plan and rate features. Payment data and password information were unaffected in that breach, too.

Shenzhen-based OnePlus operates in more than two dozen countries, specializing in the production of smartphones and other consumer electronics. The company has an annual revenue of more than $1 billion, and boasts of international growth due to the affordable phones. By undercutting competitors like Apple, the strategy goes, OnePlus is aiming to impress global customers with similarly large glass phones.

The breach disclosed Friday only is the latest security incident at the company. OnePlus said in January 2018 that 40,000 customers who shopped in the online store were vulnerable to attacks from hackers who collected debit and credit card numbers from the checkout.

“We took immediate steps to stop the intruder and reinforce the security, making sure there are no similar vulnerabilities,” OnePlus said Friday. “Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to investigate this incident.”

The post went on to warn that customers may receive an uptick in spam and phishing attempts as a result of this compromise. All affected customers would receive an email by Friday, OnePlus said.

The company plans to launch a bug bounty program by the end of December, it added.