In November 2019, OnePlus said that it had discovered that some of its users’ order information was accessed by an unauthorised party. This page explains more about how the OnePlus data breach happened.
In November 2019, OnePlus emailed customers to let them know that a data breach had put their personal information at risk. OnePlus confirmed that the hack resulted in customer order information falling into the hands of an unauthorised third-party.
Some customers received the email from OnePlus confirming their involvement in this hack, despite not purchasing a device from the company since 2018.
It does not appear that payment information or account passwords were obtained during the intrusion.
The 2019 data security incident wasn’t the first time that OnePlus had been involved in a data breach.
In January 2018, OnePlus revealed that 40,000 online customers had their credit/debit card data stolen because of a malicious script in the ordering process.
In the 2018 data breach, hundreds of customers reported fraud on their accounts after paying over the OnePlus website.
OnePlus warned affected customers that they might become the victims of spam and phishing emails as cybercriminals use this data to extort more information and commit financial/identity fraud against them. Similar data breaches have resulted in fraud, blackmail, and identity theft, so victims of the OnePlus breach were at high risk of being targeted.
See our answers to the FAQs we get asked about the OnePlus Data Breach.
According to a OnePlus spokesperson, the breach was discovered by the OnePlus security team when monitoring its systems. An unauthorised third-party/intruder was involved.
The details stolen by cybercriminals included:
OnePlus informed all impacted users by email.