[BreachExchange] OnePlus data breach exposes names, emails, and addresses

Destry Winant destry at riskbasedsecurity.com
Mon Nov 25 10:08:16 EST 2019


https://www.techradar.com/sg/news/oneplus-data-breach-exposes-names-emails-and-addresses

For the second time in two years, OnePlus has been the victim of a
hack by an "unauthorized party", with customer names, email addresses,
and shipping addresses now potentially out in the public domain.

Payment information and passwords are safe and weren't exposed by the
attack, OnePlus says, and no accounts have been accessed by the third
party.

"We took immediate steps to stop the intruder and reinforce security,"
OnePlus said in an email to affected customers. "Right now, we are
working with the relevant authorities to further investigate this
incident and protect your data."


If an email hasn't landed in your inbox, you can assume your account
details haven't been exposed – but as always, it's better to be safe
than sorry.

What to do next

If you've had dealings with OnePlus in the past, it's important to
watch out for any phishing attempts sent to you in the future – that's
emails that will try and direct you to a spoof website to get you to
enter financial details or other sensitive information.

As scammers may now have hold of your name, email address and shipping
address, these phishing emails could look very genuine indeed. Always
double-check where emailed links are sending you, and keep your
browser software right up to date to minimize your chances of getting
caught out.

"OnePlus will never ask you for your passwords, and any financial
information should only be provided via a secure payment page on the
OnePlus website or one of our partners if you are buying products from
us," OnePlus said.

In response to the breach, OnePlus is partnering with a
"world-renowned security platform", and launching a bug bounty
program. For more details on the incident, head to the official FAQ.


More information about the BreachExchange mailing list