What you need to know
- OnePlus has disclosed and fixed a vulnerability in its out-of-warranty repairs system that would have allowed third parties to access some sensitive customer data.
- The exposed data would have included IMEI, name, and address, among other details.
- The company says that no credit card details were visible at any point.
The vulnerability was found in one of the firm's out-of-warranty repair invoicing systems. The system was run by a third party, and the flaw would only ever have affected a small number of U.S. customers. Android Police notified OnePlus of the issue and worked with the company to resolve it.
In essence, anyone who exploited the vulnerability would have been able to see the data of users who had filed for a repair but had yet to pay the invoice. That party would have had access to order numbers, phone model, IMEI, order date, name, address, phone number, email address, and repair cost. OnePlus says that credit card details were never exposed.
In a statement given to Android Police, OnePlus clarified the issue, saying:
On July 2, a vulnerability was fixed on the website of our U.S. repair service provider. OnePlus customers in the U.S. who were required to pay for out-of-warranty repairs or those who chose to use our recently launched warranty exchange program were sent a unique third-party link to process their payment. From the time the payment link was generated and emailed to the customer, until the time the payment information was submitted, that customer's name, shipping address, email address, device model and IMEI were visible at the link. As soon as a user's payment information was submitted, the link immediately became inactive. To further secure this process, an additional verification step will be required starting early next week.
After thorough investigation together with our vendor, we have found no evidence of any purposeful attempts to access these URLs.
In addition, no credit card details or payment information of any kind was ever accessible.
User privacy is a top priority for OnePlus, and we apologize for any concerns that this might cause. We have made significant security enhancements on our own platforms in recent years and are diligently working to further improve. We are also already improving our internal processes to more quickly respond to external vulnerabilities, and will more closely engage our third-party vendors to better ensure security on their platforms.
While any security vulnerability is concerning, this one falls far short of OnePlus' 2018 and 2019 breaches, in which user data was actively accessed by malicious third parties. As per the report, OnePlus has carried out an audit of the invoicing system, stripping out any identifying details. A new verification step will be rolled out from July 6.