OnePlus has suffered a data breach the company says an “unauthorized party” accessed some customers’ order information. The company began notifying affected customers today.
The company said that it took “immediate steps to stop the intruder and reinforce security” and to make sure there weren’t similar vulnerabilities, but it hasn’t explained why it took more than a week to disclose the incident (or why it waited to do so until the Friday before a major US holiday). The company also apparently isn’t answering questions: when we asked how many customers may have been affected, OnePlus simply shared a similar statement to the one it posted online without any additional information.
This isn’t OnePlus’ first security incident in January 2018, the company said that up to 40,000 customers had been affected by a security breach that caused customers’ credit card information to be stolen.
OnePlus did say in its FAQ that, as part of its efforts to upgrade its security program, it will be partnering with a “world-renowned security platform next month” and will launch a bug bounty program by the end of December. Maybe it should have done that after the first breach.