OnePlus has suffered a data breach: the company says an “unauthorized party” accessed some customers’ order information. In a statement, OnePlus says some customer names, contact numbers, emails, and shipping addresses “may have been exposed,” but also that “all payment information, passwords and accounts are safe.” The company began notifying affected customers today.
Impacted users should have received an email notifying them of the incident, and should keep an eye out for possible phishing attempt used based on the stolen information. The company said in the email and an FAQ published about the situation that “we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.”
This isn’t OnePlus’ first security incident — in January 2018, the company said that up to 40,000 customers had been affected by a security breach that caused customers’ credit card information to be stolen.
OnePlus did say in its FAQ that, as part of its efforts to upgrade its security program, it will be partnering with a “world-renowned security platform next month” and will launch a bug bounty program by the end of December. Maybe it should have done that after the first breach.