In yet another data breach, consumers of OnePlus handset maker are affected. Read on to know more about it…
In yet another data breach, OnePlus’s online store has compromised by hackers where an “unauthorised party” accessed some customers’ personal information. OnePlus confirmed that it has suffered a data breach, putting the phone numbers and addresses of its users in the hands of hackers. OnePlus said that the breach was discovered and that it has reached out to users whose data might potentially have fallen into the hands of hackers. At this stage, only the contact details of users appear to have been compromised.
OnePlus said “We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.
“We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorised party,” Ziv C, Staff Member, Security Team, OnePlus, wrote in the company forum.
Yesterday night, CERT-In, India’s nodal agency for cybersecurity issued an advisory for OnePlus smartphone users in India asking them to change their account passwords. In its advisory, the agency said that ‘less than 3,000 Indian customers’ orders were exposed during the recent global system breach.
“The kind of information exposed such as name, address, email can be abused to impersonate as victim and gain access to other accounts. Even though OnePlus has claimed that password data was not accessed, users are still advised to change their passwords with a strong password,” the cybersecurity agency said in its advisory with ‘medium’ severity rating.
In its advisory, the CERT-In said that OnePlus has clarified that no payment card, bank account details or password breached and has stated that all affected users have already been notified by email.
OnePlus pacified its users that payment information and passwords remain safe. However, shipping addresses and email addresses have been exposed to hackers. OnePlus played down the breach, saying that the critical information was not stolen and that the breach would most likely result in only spam and phishing emails. But the reality is that hackers now have a cast database of people’s addresses (home or work), which they can map to phone numbers and email IDs.
“We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident,” OnePlus said in an official statement.
While OnePlus did notify affected users, there is little they can do to mitigate the damage. While it is possible — but laborious-to change one’s phone number or email address, it is nigh impossible to uproot one’s life and change to a new home. While hackers usually stick to the online world, leaking real-world data like home addresses to antisocial elements can pose a security risk.
The European Union’s General Data Protection Regulation (GDPR) is another hurdle OnePlus will have to deal with if users from the region were impacted. The GDPR requires companies to reveal the breach and its extent within 72 hours on discovering it.