Smartphone maker OnePlus discloses data breach

Hackers accessed some OnePlus customer data through a vulnerability in the vendor's website.

oneplus-6t-mclaren-12.jpg

Smartphone maker OnePlus disclosed today a security breach that impacted users of its online store.

The breach ocurred last week and was discovered right away, according to a FAQ page published earlier today.

OnePlus says hackers gained access to past customer orders. Exposed information included details like customer names, contact numbers, emails, and shipping addresses, but not passwords or financial details, the company said.

OnePlus believes the hacker's entry point was a vulnerability in its website, but did not provide any additional details.

"We've inspected our website thoroughly to ensure that there are no similar security flaws," the company said.

"Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident," a member of the OnePlus security team said today in a forum post, separate from the FAQ.

As a result of the breach, OnePlus said it is partnering with "a world-renowned security platform next month, and will launch an official bug bounty program by the end of December."

This is the second security breach in the smartphone vendor's short history. It suffered a similar one in January 2018, when attackers gained access to the data of around 40,000 users.

OnePlus' breach comes after yesterday US telco provider T-Mobile disclosed a similar security breach impacting a small number of accounts.