Hackers Know Your Address And Phone Number, But OnePlus Thinks All You'll Get is Spam
OnePlus has confirmed that they have suffered a data breach again. The user data for the online store of the Chinese tech company has been compromised, by what OnePlus called an “unauthorized party”. OnePlus says the breach was discovered last week and the company has since reached out to users whose data may have been compromised. However, the company insists that all payment information, passwords and accounts are safe, though names, contact numbers, email addresses and shipping addresses of certain users have been exposed to hackers.
“We can confirm that all payment information, passwords and accounts are safe, but certain users' name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident. We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident,” says OnePlus in an official statement. Now think about it. OnePlus admits that your name, your contact number and your shipping address (which is likely to be your home, a friend or family member’s home or your office) are now in the hands of hackers, they yet feel the worst that could happen is this—the “Impacted users may receive spam and phishing emails as a result of this incident.” The company also suggests that it is notifying all impacted users by email. But what good will it do now? Change your home address, perhaps? Buy a new house and a new mobile phone connection? If the hackers do have malicious intentions outside of the online world, these users whose real-world data has been leaked could be in for some serious harassment.
Then there is the other requirement in the European Union, if this breach impacts that region, which OnePlus would have had to adhere to. The EU General Data Protection Regulation (GDPR) mandates that a company reveal the breach and its specifics within 72 hours of learning about here. Here, by the company’s own admission, they say, “Last week while monitoring our systems, our security team discovered that some of our users' order information was accessed by an unauthorized party.”
OnePlus also says they will be working together with a “world-renowned security platform” from next month to strengthen the security on their website and launch an official bug bounty program by the end of the year. However, OnePlus doesn’t yet name the security platform they will be working with.
This is not the first time OnePlus has been at the wrong end of a security incident. In January last year, the company had confirmed that the credit card information of as many as 40000 customers had been stolen as a result of a security breach.