Security Notification

  1. LeKeiser
    Gingerbread Nov 22, 2019

    LeKeiser , Nov 22, 2019 :
    I wish my phone company could do that. I doubt they would :(
    I live in France. Last time I had my phone company over the phone, it didn't end well ;)
     

  2. plunet
    Donut Nov 22, 2019

    plunet , Nov 22, 2019 :
    Some of you are commenting that OnePlus are being open about this one. That's probably because GDPR mandates in law that EU data subjects (citizens who are identifiable from the data) are informed of a breach promptly once it is discovered, as well as an EU data regulator being informed within 72 hours of the breach discovery. It will be too difficult for OnePlus to work out who is an EU data subject so they have probably just opted to tell everyone.

    We don't know for certain if they have complied with the timelines as the initial notification didn't give any timeline information which it should.
     

  3. A1511468241063
    Cupcake Nov 22, 2019

    A1511468241063 , Nov 22, 2019 :
    Your “professor friend” is either myopic in his/her view, or doesn’t have any background whatsoever in information security. At a simple level, yes, the actor(s) cannot easily run out and make a purchase based solely on this breach. However, pulling data sets together does give more opportunity to commit some other level of fraud.

    The problem with this, or any breach that is similar, is that personally identifiable information has been taken. This information can be combined with information from other breaches, and used for nefarious purposes that extend well beyond this breach. Calls and emails can now be targeted in such a way that they seem much more realistic. Instead of Dear sir/madam, they will have a first name. Taking content from other breaches, phishing attempts have a higher probability of success. This is especially true for individuals that do not have a technical background. And it is not a matter of “if” the information will be used, it is a matter of when and how. The data wasn’t stolen just for grins. The actor/actors had one or more goals in mind. It is absurd to not take a view that the data will be used. (Probably sold on the dark web, as this is common.) The phone number, as an example, can be spoofed to make a call to a financial institution for one reason or another. Combined with other mined information, this can indeed cause some serious problems.

    The comment about OnePlus not learning the first time is valid. A defense of “well, no financial information was taken this time” is no defense at all. A breach happened, and usable data was stolen. It was OnePlus’ responsibility to protect the data. Those are the facts.

    I somewhat agree with an earlier comment that breaches happen all of the time, and that there is nothing that can be done to protect the data. (I’m paraphrasing.) Without knowing how OnePlus has architected their systems, or the type of breach, it is nearly impossible to say what else they could have done. It seems odd, however, that credit card data and passwords were emphatically stated as “safe.” At a very high level, it wouldn’t be hard to draw an assumption that they are encrypting passwords and credit card data, but not the PII data. Companies do this to save money. It’s expensive to encrypt all data elements—both technically and financially. That said, it is a decision companies make that does leave data in a risky state. OnePlus should have immediately (after the first breach) implemented a comprehensive security program that would protect their customers’ data going forward. The fact that they are now thinking of doing that is inexcusable.

    By the way, it was Equifax, not Experian.
     

    MarkAZ, LeKeiser and yddtime like this.
  4. Madnezz4Ever
    Jelly Bean Nov 22, 2019

    Madnezz4Ever , Nov 22, 2019 :
    Not surprising, as data breaches happen way too often, even to companies that you would think would have better security, such as Equifax, which leaked millions of people's Social Security numbers in the US.
     

  5. yddtime
    Froyo Nov 22, 2019

    yddtime , Nov 22, 2019 :
    Resigning to the fact that it happens to other companies is not the correct response. Until we expect and demand better security nothing will change.
     

    oneplus3l and LeKeiser like this.
  6. keithgpowell
    Ice Cream Sandwich Nov 22, 2019

    keithgpowell , Nov 22, 2019 :
    My name, landline phone number and house address are in a telephone directory. Any stranger or hacker has access to my information. I am not worried.
     

    SoniaB and B_Wrath like this.
  7. LeKeiser
    Gingerbread Nov 22, 2019

    LeKeiser , Nov 22, 2019 :
    Good for you.
    Since you are not worried, how about you share them right here, right now? So that, you know, we can validate this claim.
    I mean, you are not worried at all about others having access to your information. Right?
     

  8. eye842
    Lollipop Nov 22, 2019

    eye842 , via OnePlus 5T , Nov 22, 2019 :
    FU CK YOU very much OnePlus, not this shite again. Last time you didn't even acknowledge that my account was one of the affected ones.

    You have seen the last of my money.
     

  9. stephenmcelhinney
    Cupcake Nov 22, 2019

    stephenmcelhinney , Nov 22, 2019 :
    Was looking for a reason to justify moving to Pixel for my next phone and it appears I've just found it. I don't seem to have been affected but given that this is now a track record of data breaches I'm taking no risks.
     

  10. keithgpowell
    Ice Cream Sandwich Nov 22, 2019

    keithgpowell , Nov 22, 2019 :
    Also my local city council sells my data. The voters list is also made available, for free I understand, to political parties.

    I think it is possible, in both cases, to ask for it not to be available, but in the case of the city council, it only reduces some of the data.

    Telephone directories are also available for search online, apart from printed versions - you may have to pay for it.



    Most businesses list themselves in directories with their name, address, phone, fax etc., email address and web site - should they be worried?

    You want my data? Make the effort - like a hacker.
     

  11. mrgoodkat2
    Gingerbread Nov 22, 2019

    mrgoodkat2 , Nov 22, 2019 :
    Funny you should say that... I had a couple of ping calls from Central African Republic recently...
     

    Bouncer71 likes this.
  12. keithgpowell
    Ice Cream Sandwich Nov 22, 2019

    keithgpowell , Nov 22, 2019 :
    P.S. as an octogenarian, using PCs and web/email since the earliest days, I have yet to be compromised - apart from by my partner.

    But, yes, it's still possible.
     

    Bouncer71 likes this.
  13. keithgpowell
    Ice Cream Sandwich Nov 22, 2019

    keithgpowell , Nov 22, 2019 :
    P.P.S. To make it easier for you, my name is listed as Karl Marx c/o Fred Engels.
     

    superplus, SoniaB and Bouncer71 like this.
  14. Crantastic
    Cupcake Nov 22, 2019

    Crantastic , Nov 22, 2019 :
    Canadian customer here. I got the email. I'd made my purchase in early July.

    I'm pretty annoyed by this, tbh. When I bought the new phone, I knew of the last security breach, but I thought surely I was safe this time because they promised to amp up security after that last embarrassment. I guess that was naive of me. I'll certainly think twice before ordering another OnePlus device.
     

  15. Topper_Gas
    Jelly Bean Nov 22, 2019

    Topper_Gas , Nov 22, 2019 :
    That's not really the point though, is it? For the second time in a couple of years OP's customer data has been compromised, which for most of us is a major concern and makes you wonder if corners are being cut to save money.
     

  16. Bouncer71
    OnePlus 7 Pro Sample Shot Photographer Nov 22, 2019

    Bouncer71 , Nov 22, 2019 :
    To the professor it might be nothing...
    For me it would be a big deal...

    I've been very cautious with my personal data since the 90s...
    One could say I'm an unperson in the net...
    Even if you know my real name you'll be having a hard time finding stuff related to me...
    Yeah, a couple of my disposable email addresses were part of other breaches, but none of the additional stored data pointed to me...
    My private address and phone number are stored on exactly 21 servers of companies (including OnePlus), insurances, banks, doctors, public services I put my trust in...
    None of them publicly accessible...

    Even though my data doesn't seem to be part of this breach I'm alerted...

    One (more) opportunity to be phished or Spam called is one too much...

    What will the professor say the next 10 or 100 breaches anywhere...?

    Oh well...
    Sh*t happens... Deal with it...
    ???

    Not what I expect from an IT professional...

    That could just be coincidence...

    As far as I know they're also using automatic random dialers...

    But who knows... ??? ;)
     

  17. stanj028
    Donut Nov 22, 2019

    stanj028 , Nov 22, 2019 :
    For those saying OnePlus have responded fast to this, I have a support message from OnePlus today with a key bit of information that they are missing here... The data was breached last week, NOT today. For this reason I am no longer confident with OnePlus security, second time it has happened too. I was going to be getting a OnePlus 7T soon but I'm going elsewhere now. I have just changed my number because of nuisance calls and spam, so not happy if that starts again as I can't change contract now.
     

  18. stanj028
    Donut Nov 22, 2019

    stanj028 , Nov 22, 2019 :

    I have a message from support saying that LAST WEEK the breach happened so it's past 72 hours if they have to make it public in that time.
     

  19. AntMunny
    KitKat Nov 22, 2019


  20. LeKeiser
    Gingerbread Nov 22, 2019

    LeKeiser , Nov 22, 2019 :
    Hello, could you share that message here please?