Security Notification

  1. Ziv C.
    Security Team Staff Member Nov 22, 2019

    Ziv C. , Nov 22, 2019 :
    This is Ziv, from the Security team. We want to update you that we have discovered that some of our users' order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but certain users' name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.

    We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.

    We are deeply sorry about this, and are committed to doing everything in our power to prevent further such incidents. Please contact us with any questions or concerns at Customer Support.
     

    #1
  2. Ziv C.
    Security Team Staff Member Nov 22, 2019

    Stickied Post
    Ziv C. , Nov 22, 2019 :
    F.A.Q.

    What happened?

    While monitoring our systems, our security team discovered that some of our users' order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but the name, contact number, email and shipping address in certain orders may have been exposed.

    What information was exposed?
    The name, contact number, email and shipping address within certain orders may have been exposed.

    I received an email saying that my information was leaked. What can I do now?
    There is no additional action required on your part for now, but please be aware that you may receive spam and phishing emails as a result of this incident.

    What have you done in response?
    We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.

    How do I know if my information was involved?
    We understand that personal information is very important to our users, and all impacted users were notified via email. If you don’t get an email from us today, rest assured that your order information is safe. However, if you have further concerns, please contact us at oneplus.com/support for assistance.

    What will you do to improve information security?
    We've inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program - we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.
     

    #2
  3. David Y.
    OS Product Marketing Staff Member Nov 23, 2019

    Stickied Post
    David Y. , Nov 23, 2019 :
    Hi everyone,

    We've been following this thread closely and understand you may be anxious and may have some questions regarding this issue. Our first focus was to eradicate risks and inform affected users, both of which have been completed. We are now making a comprehensive case review and future improvement measures.

    As more information becomes available, we will continue being transparent and will share more updates regarding this case with everyone in the next few days.

    Yours,
    David
     

    Anshu3110, KellyND1, palc and 23 others like this.
  4. Ziv C.
    Security Team Staff Member Dec 9, 2019 at 7:04 PM

    Stickied Post
    Ziv C. , Dec 9, 2019 at 7:04 PM :
    Hello friends,

    Thank you all for your patience. We just wanted to give you a quick update. As mentioned before, we reported the incident to relevant authorities in impacted countries as soon as we were able to confirm the details. Since then, we have conducted a thorough analysis of our system and laid out plans to prevent this from happening again. We are continuously upgrading our security program, placing an emphasis on data lifecycle protection, and raising their security level to the same as all of our systems. 

    We are set to partner with a world-renowned hacker-powered security platform to test our system security comprehensively. We are also launching an official bug bounty program on December 19, which will allow security professionals and white hats from all around the globe to support us in improving our system and protecting your information. We will be sharing more information with you when both projects go live. 

    Never Settle, 
    OnePlus Security 
     

  5. Ch4rlux
    Honeycomb Nov 22, 2019


    #3
  6. doozer
    Cupcake Nov 22, 2019

    doozer , Nov 22, 2019 :
    Hope this won't turn into a big problem?
    Will we be kept informed about how this goes on?
     

    #4
    Rickyjo likes this.
  7. Sidox
    Donut Nov 22, 2019

    Sidox , via OnePlus 7 Pro , Nov 22, 2019 :
    That's how every company should handle data breaches. Thanks for being a good example for when something like this unfortunately happens.
     

    #5
  8. ariblaze
    Jelly Bean Nov 22, 2019


    #6
  9. F_Gordon_MacDonald_gpmo , via OnePlus 6T , Nov 22, 2019 :
    I received an email and this isn't the first time this has happened with OnePlus.
    This lack of security is deeply worrying and the fact that you are waiting until next month to work with a security company, when it should be done immediately, is disgraceful.
     

    #7
  10. Demon_hunter
    Honeycomb Nov 22, 2019

    Demon_hunter , via OnePlus 7 Pro , Nov 22, 2019 :
    On one hand I wholeheartedly appreciate that you have responded and communicated almost at zero hour.
    On the other hand I believe this is not the first time. The security partnership and bug bounty should have been at work asap.
     

    #8
  11. yddtime
    Froyo Nov 22, 2019

    yddtime , Nov 22, 2019 :
    We trusted OP to secure our order information. That didn't happen.
    Why should we trust OP when they say our payment information wasn't compromised?
     

    #9
    insainity and LeKeiser like this.
  12. SoniaB
    Nougat Senior Moderator Nov 22, 2019

    SoniaB , Nov 22, 2019 :
    @Ziv C.
    Thank you for the thread.
    As one of the affected users, I see that you have not commented on how long this breach lasted for? What period of time? Was it only recent orders affected? I ask because I last placed an order months ago post OP7Pro launch. How many people are affected?
     

    #10
  13. yddtime
    Froyo Nov 22, 2019

    yddtime , Nov 22, 2019 :
    My order was Aug 25.
     

    #11
    SoniaB likes this.
  14. eduiiko
    Donut Nov 22, 2019

    eduiiko , Nov 22, 2019 :
    I don't think this is acceptable. My personal information has been compromised and all I got is an email saying 'at least no payment information has been stolen'. So good news then? And why should I trust you about my payment info being safe?
    I'll be speaking to my lawyers.
     

    #12
  15. Intruder71
    Lollipop Nov 22, 2019

    Intruder71 , Nov 22, 2019 :
    Great yet another screw up.... So when did this happen? Was it at your servers or a 3rd party that you insist on sharing our info with?
    Why are you not supplying more information? For those thanking them including mods, give your heads a shake unless you guys know more than we do....!
     

    #13
    sebg74 and malidan like this.
  16. Cheetosdust
    Starting Point Expert Nov 22, 2019

    Cheetosdust , Nov 22, 2019 :
    Thanks for the thread, @Ziv C. - especially the part about what the affected users should do.

    I got the email, so I'm one of the affected users by this. It's not exactly how I envisioned my Friday night to go.
     

    #14
    PrakarshX, obakesan, B_Wrath and 9 others like this.
  17. Intruder71
    Lollipop Nov 22, 2019

    Intruder71 , Nov 22, 2019 :
    Respect as always...... Exactly what we need to know!
     

    #15
  18. Baymax
    Starting Point Expert Nov 22, 2019

    Baymax , Nov 22, 2019 :
    Seems like they did learn the lesson bud.
    Haven't heard any reports of strange purchases showing up like last time.
     

    #16
  19. Intruder71
    Lollipop Nov 22, 2019

    Intruder71 , Nov 22, 2019 :
    Oi [edit by moderator SoniaB] don't ignore us! Screw customer support, you're it as you posted the thread.... We NEED more information!!
     
    Last edited by a moderator: Nov 22, 2019

    #17
  20. Baymax
    Starting Point Expert Nov 22, 2019

    Baymax , Nov 22, 2019 :
    Have you had any strange purchases on your card?
    I'm sure that they only were able to breach the store account. OnePlus likely has the payment info secured this time. Hence why no payment info was taken this time.
     

    #18
  21. Intruder71
    Lollipop Nov 22, 2019

    Intruder71 , Nov 22, 2019 :
    How can they sharing our info with who pays them the most... Complete idiots from someone that's been here from the early days... Issue after leak after screw up... Couldn't organise a piss up in a brewery!
     

    #19
  22. knollorulez
    Donut Nov 22, 2019


    #20