Search
+
    The Economic Times daily newspaper is available online now.

    Your payment info, passwords are safe: OnePlus confirms data breach, says email addresses were compromised

    Synopsis

    There is little that OnePlus can do to mitigate the damage.

    OnePlus played down the breach, saying that the critical information was not stolen and that the breach would most likely result in only spam and phishing emails.Agencies
    OnePlus played down the breach, saying that the critical information was not stolen and that the breach would most likely result in only spam and phishing emails.
    OnePlus confirmed that it has suffered a data breach, putting the phone numbers and addresses of its users in the hands of hackers. The database of the Chinese company’s online store was compromised by an “unauthorised party.”

    The company said that the breach was discovered and that it has reached out to users whose data might potentially have fallen into the hands of hackers. At this stage, only the contact details of users appear to have been compromised.

    OnePlus assuaged its users that payment information and passwords remain safe. However, shipping addresses and email addresses have been exposed to hackers.

    “We can confirm that all payment information, passwords and accounts are safe, but certain users' name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.

    “We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident,” OnePlus said in an official statement.

    OnePlus played down the breach, saying that the critical information was not stolen and that the breach would most likely result in only spam and phishing emails. But the reality is that hackers now have a cast database of people’s addresses (home or work), which they can map to phone numbers and email IDs.



    While the company did notify affected users, there is little they can do to mitigate the damage. While it is possible –but laborious -to change one’s phone number or email address, it is nigh impossible to uproot one’s life and change to a new home. While hackers usually stick to the online world, leaking real-world data like home addresses to antisocial elements can pose a security risk.

    The European Union’s General Data Protection Regulation (GDPR) is another hurdle OnePlus will have to deal with if users from the region were impacted. The GDPR requires companies to reveal the breach and its extent within 72 hours on discovering it.

    “Last week while monitoring our systems, our security team discovered that some of our users' order information was accessed by an unauthorized party,” the company said on its online forum. OnePlus, on its part, said it has sounded out a “world-renowned security platform” and that they would begin collaborating from next month to strengthen security. The name of the company was not mentioned.

    It is also slated to launch an official bug bounty programme before January 2020. OnePlus has previously found itself in the crosshairs of government regulators. A security incident in January 2018 led to the theft of credit card information of over 40,000 customers.

    (Catch all the Business News, Breaking News, Budget 2024 Events and Latest News Updates on The Economic Times.)

    Subscribe to The Economic Times Prime and read the ET ePaper online.

    ...more

    (Catch all the Business News, Breaking News, Budget 2024 Events and Latest News Updates on The Economic Times.)

    Subscribe to The Economic Times Prime and read the ET ePaper online.

    ...more
    The Economic Times

    Stories you might be interested in