OnePlus reported a leak, because of which in the hands of the attackers appeared various data from users of the online store of the smartphone manufacturer.
A security gap was discovered last week: it turned out that the OnePlus company’s website had a certain vulnerability, details of which have not been disclosed.Using this bug, unknown attackers were able to gain access to previous orders of users. So in the hands of hackers were the names of customers, contact numbers, email addresses and delivery addresses. It is emphasized that passwords and financial data were not affected.
Read also: Troldesh ransomware has become a leader in the number of attacks in the first half of 2019
“Last week during routine monitoring of our systems, our security team discovered that some of our users’ order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but the name, contact number, emails and shipping address in certain orders may have leaked”, — report in OnePlus.
OnePlus representatives assured that they had already eliminated the vulnerability, thoroughly examined their site, looking for other similar problems, and also cooperate with law enforcement agencies and conduct further investigations.
The company also said that bug bounty will be officially launched next month.
“We’ve inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program – we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December”, — report in OnePlus security setvice.
It can be assumed that these words relate to collaboration of OnePlus and HackerOne.
Racall that this is not the first such incident involving OnePlus. At the beginning of 2018, the company already suffered from data leakage. That time the attackers stole information about 40,000 users, including information about their bankcards.
How do I know if my information was involved?