What you need to know
- OnePlus has disclosed and fixed a vulnerability in its out of warranty repairs system that would have allowed third parties access to some sensitive customer data.
- This data would have included things like IMEI, name, address, among others.
- The company says that no credit card details were visible at any point.
OnePlus was alerted to a vulnerability that could have led to the leaking of sensitive user data, Android Police reported on Friday.
The vulnerability was found in one of the firm's out-of-warranty repair invoicing systems. It would only have ever affected a small number of U.S. customers and was run by a third party. Android Police notified OnePlus of the issue and worked with them to resolve it.
In essence, if anyone exploited the vulnerability, they would have been able to see the data of users who had filed for a repair but had yet to pay the invoice. Said party would have had access to order numbers, phone model, IMEI. order date, name, address, phone number, email address, and repair cost. OnePlus says that credit card details were never exposed.
In a statement given to Android Police, OnePlus clarified the issue, saying:
While any security vulnerabilities are concerning, this falls far below OnePlus' 2018 and 2019 breaches which saw user data being actively accessed by malicious third parties. As per the report, OnePlus has carried out an audit of the invoicing system, stripping out any identifying details. A new verification step will be rolled out from July 6.
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android