Hackers make off with customers’ personal details in second online attack to affect Chinese smartphone maker in two years
The breach was discovered two weeks ago, the company said, saying an “unauthorised party” had accessed details including customers’ names, contact numbers, emails and shipping addresses.
Payment information and passwords were not affected, the company said.
It did not indicate how many users were affected.
OnePlus said it had informed the affected users via email before going public with the breach.
“We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities,” the company said in an advisory.
“Right now, we are working with the relevant authorities to further investigate this incident.
“We understand that personal information is very important to our users.”
Shenzhen, China-based OnePlus warned that affected users could receive spam and scam emails as a result of the incident.
The company said if users have not received an email informing them of the breach, they are not affected.
The company said that as part of its ongoing efforts to improve security it is adding a “world-renowned security platform” to its arsenal in December and is to launch an official bug bounty programme by the end of December.
OnePlus, founded only in 2013, was hit by a similar security breach in January of last year, when attackers accessed the data of about 40,000 users.
In that incident, hackers were able to intercept payment details as they were entered into its online shop.