Chinese Smartphone Maker OnePlus Discloses Data Breach





Chinese smartphone manufacturer OnePlus has announced a data breach in which order information from its online store, including customers' names, contact numbers, email addresses and shipping addresses, was exposed. However, customers' payment information, passwords, and accounts were not compromised in the incident. OnePlus gave assurances that affected customers are being notified in a timely manner.

The company said in an FAQ that the breach took place last week and was discovered immediately. According to officials, a vulnerability in its website served as the attackers' entry point. OnePlus provided no additional details.

"We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident," the company said in the FAQ.

To ensure that no similar vulnerability exists, OnePlus thoroughly examined the website. The company is also working to upgrade its security program, which includes partnering with a world-renowned security platform next month. The company said it would launch a bug bounty program by the end of this year.

This is the second hit to the privacy of OnePlus users: the company suffered a similar incident in January last year, in which almost 40,000 were affected and users' credit card information was stolen. The OnePlus breach came after T-Mobile announced a similar data breach that impacted a small number of accounts using the company's prepaid offerings.

"Our Cybersecurity team discovered and shut down malicious unauthorized access to some information related to your T-Mobile prepaid wireless account," the company said. "None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised."

"The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature," the company added.

OnePlus denies accusation of sending Clipboard data to China

OnePlus has been accused of sending clipboard data from OnePlus phones running the latest OxygenOS Beta version to China. The company has now denied the accusations, saying that the file in question is inactive and was created for Chinese phones only.

The information was first revealed by Elliot Alderson on Twitter, where he explained how the application works.

He posted that the clipboard application in the OxygenOS Beta update contained a strange file called badword.txt, along with 6 others, which could identify what kind of data the user copied to their clipboard and send sensitive data such as bank information and passwords to a Chinese server, allegedly pointing to a Chinese company called Teddy Mobile.

OnePlus has since denied this accusation and released a statement saying that "there’s been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS."

They added that the identified folder exists in the open beta for HydrogenOS, their operating system exclusively for China, in order to filter out what data not to upload, and that local data in this folder is skipped over and not sent to any server.