OnePlus patches security vulnerability exposing the personal info of some US customers

4comments
OnePlus patches security vulnerability exposing the personal info of some US customers
Cybersecurity is an important part of every tech company as our devices are a treasure chest of personal information that some ill-minded individuals would love to get and exploit. Chinese phone manufacturer OnePlus narrowly avoided a security debacle that would have left some of its customers quite unhappy.

Recently, a vulnerability was spotted in the system that handles the invoices for out-of-warranty repairs of OnePlus devices in the States. The window for mischief was relatively small: customers would receive a link to make the payment for their repairs, but before they’d do that, anyone with access to the link would have had access to personal information such as names, address, phone number, email address. Some information about the device itself was also accessible: IMEI, phone model, order number and date.

The issue was noticed by a user and reported to AndroidPolice, which in turn made OnePlus aware of it. It was resolved a few days later. 

OnePlus states that it found “no evidence of any purposeful attempts to access these URLs”, which considering the narrow scope of the vulnerability seems very likely to be true. In other words, no one took advantage of the vulnerability during the time it existed.

That’s not the first time OnePlus has had to deal with holes in its security. Last year, the company’s database was breached and personal information of its clients was accessed. Luckily, in both cases the exposed data was relatively harmless, names and addresses that are harder to exploit, and not payment information such as credit card numbers.

OnePlus is always quick to respond and transparent about what has happened, which isn't necessarily a given.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless