Security Notification

  1. plunet
    Eclair Nov 23, 2019

    plunet , Nov 23, 2019 :
    Reply from OnePlus support...

    Thank you for contacting OnePlus Customer Support.

    We understand your concern. We are deeply sorry for the inconvenience and concern caused. I would be taking ownership of this ticket and make sure that everything will go smoothly and all of your concerns will be addressed.
    Regarding the date, last week, we discovered that some of our users' order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but the name, contact number, email and shipping address in the order may have been exposed.

    As soon as it was discovered, we took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident.

    We've inspected our website thoroughly to ensure that there are no similar security flaws. We are continually upgrading our security program - we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December. Please be alert to any suspicious emails, calls, or text messages, especially if they ask for any personal information or payment. If you had suffered a loss due to spam and phishing email, please share proof and we will look into it.

    We are truly grateful for your patience and understanding regarding this matter. If you have any questions or concerns, please don't hesitate to let me know.

    OnePlus Customer Support

  2. amvinfe
    Donut Nov 23, 2019

    amvinfe , Nov 23, 2019 :
    The law on the protection of personal data is very complex. As often happens when they are written, the result that is obtained in the end is not always that of an easily applicable law.
    In this case the GDPR contemplates different cases and different levels of severity. In some less serious cases there is not even the obligation to notify the competent authorities, not even the users.
    The 72 hours that I indicated before is an obligation, but also for this case there is the possibility of going beyond 3 days.
    In fact, if the violation of personal data presents an "unlikely" risk to the rights and freedoms of natural persons, it is possible to delay communication to the competent authorities. However, any delay must be justified.
    As I said before, the cases covered by law 2016/679 are really many and different are also the ways in which the data holder must comply. At the URL https://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX:32016R0679 you can find the complete text in the language of your choice

  3. HFidalgo
    Gingerbread Nov 23, 2019

    HFidalgo , via OnePlus 7 Pro , Nov 23, 2019 :
    The transparency with your customers is always appreciated, although it doesn't minimize the fact of having another security breach...

    You need do deep dive into investigating who's accessing your customers' data and bring them to justice, as with time this will start jeopardizing the trust you try to establish with us on many other levels!


    LeKeiser likes this.
  4. H1557058226130
    Gingerbread Nov 23, 2019

    G_plusone likes this.
  5. Shinchan1311
    Froyo Nov 23, 2019

    Wonderwoman13, G_plusone and LeKeiser like this.
  6. vdbhb59
    Gingerbread Nov 23, 2019

    vdbhb59 , Nov 23, 2019 :
    Do they ever? I believe, this is a noticeable breach, as always, and time to sue them!

  7. Funk Wizard
    Lollipop Moderator Nov 23, 2019

    Funk Wizard , Nov 23, 2019 :
    Already Pinned and its under Announcements which is an important section across the forums.

  8. David Y.
    Product Marketing Staff Member Nov 23, 2019

    Stickied Post
    David Y. , Nov 23, 2019 :
    Hi everyone,

    We've been following this thread closely and understand you may be anxious and may have some questions regarding this issue. Our first focus was to eradicate risks and inform affected users, both of which have been completed. We are now making a comprehensive case review and future improvement measures.

    As more information becomes available, we will continue being transparent and will share more updates regarding this case with everyone in the next few days.


    Anshu3110, KellyND1, palc and 23 others like this.
  9. LeKeiser
    Gingerbread Nov 23, 2019

    LeKeiser , Nov 23, 2019 :
    Hello David,
    Thank you for your post.
    We will be waiting for your updates here then.

    One question though : how can you assure us that our financial data and password haven't been compromised? Without going into the details of course (that you might prefer to stay silent), but a little insight please?

    Thanx again.

  10. David Y.
    Product Marketing Staff Member Nov 23, 2019

    David Y. , Nov 23, 2019 :
    I appreciate your understanding @LeKeiser. We can confirm that your financial data and password are safe.

  11. krishnangangster6
    Donut Nov 23, 2019

  12. G1554509404736
    Cupcake Nov 23, 2019

  13. Matt 80
    Lollipop Nov 23, 2019

  14. Topper_Gas
    Jelly Bean Nov 23, 2019

    Topper_Gas , Nov 23, 2019 :
    Sue for what if you haven't suffered any financial loss because of the data breech?

    keithgpowell likes this.
  15. Francesco£
    Gingerbread Nov 23, 2019

  16. Bouncer71
    OnePlus 7 Pro Sample Shot Photographer Community Expert Nov 23, 2019

    luxuskamel likes this.
  17. keithgpowell
    Ice Cream Sandwich Nov 23, 2019

    Bouncer71 likes this.
  18. amvinfe
    Donut Nov 23, 2019

    Last edited: Nov 23, 2019

  19. Mukund760
    Honeycomb Nov 23, 2019

    bharatb76 likes this.
  20. MentalDraco
    Marshmallow Nov 23, 2019

    MentalDraco , Nov 23, 2019 :
    I got a email as well, and my last purchase was the OP 5T at launch, so I assume most users that, ever made a purchase, at least in the past 2 years had their data leaked.