Home / Security / Security: OnePlus discloses security issue that could have exposed sensitive data

Security: OnePlus discloses security issue that could have exposed sensitive data

Security:

OnePlus was alerted to a vulnerability that could have led to the leaking of sensitive user data, Android Police reported on Friday.

The vulnerability was found in one of the firm’s out-of-warranty repair invoicing systems. It would only have ever affected a small number of U.S. customers and was run by a third party. Android Police notified OnePlus of the issue and worked with them to resolve it.

In essence, if anyone exploited the vulnerability, they would have been able to see the data of users who had filed for a repair but had yet to pay the invoice. Said party would have had access to order numbers, phone model, IMEI. order date, name, address, phone number, email address, and repair cost. OnePlus says that credit card details were never exposed.

Best VPN providers 2020: Learn about ExpressVPN, NordVPN & more

In a statement given to Android Police, OnePlus clarified the issue, saying:

On July 2, a vulnerability was fixed on the website of our U.S. repair service provider. OnePlus customers in the U.S. who were required to pay for out-of-warranty repairs or those who chose to use our recently launched warranty exchange program were sent a unique third-party link to process their payment. From the time the payment link was generated and emailed to the customer, until the time the payment information was submitted, that customer’s name, shipping address, email address, device model and IMEI were visible at the link. As soon as a user’s payment information was submitted, the link immediately became inactive. To further secure this process, an additional verification step will be required starting early next week.

After thorough investigation together with our vendor, we have found no evidence of any purposeful attempts to access these URLs.

In addition, no credit card details or payment information of any kind was ever accessible.

User privacy is a top priority for OnePlus, and we apologize for any concerns that this might cause. We have made significant security enhancements on our own platforms in recent years and are diligently working to further improve. We are also already improving our internal processes to more quickly respond to external vulnerabilities, and will more closely engage our third-party vendors to better ensure security on their platforms.

While any security vulnerabilities are concerning, this falls far below OnePlus’ 2018 and 2019 breaches which saw user data being actively accessed by malicious third parties. As per the report, OnePlus has carried out an audit of the invoicing system, stripping out any identifying details.

Read More

About admin

Check Also

Security: Hong Kong bars 12 opposition candidates from election

Security: Hong Kong bars 12 opposition candidates from election

Image copyright Reuters Image caption Joshua Wong said the decision showed a "total disregard for the will of Hongkongers" Hong Kong authorities have disqualified 12 pro-democracy candidates from upcoming elections, deepening political tensions in the Chinese territory.Opposition legislators had hoped to obtain a majority in the Legislative Council (LegCo) in September's poll after Beijing's imposition…

Leave a Reply

Your email address will not be published. Required fields are marked *