As much as OnePlus is popular for its devices, it is also in the news for security breach every now and then. Once again, the company fixes a flaw in its system but there’s no evidence of exploit so far.
This new security flaw was tipped by Eric Lang, a reader of Android Police on June 30. The said publication disclosed OnePlus about the issue and received confirmation from the company on July 2 that they had fixed the vulnerability and there was no exploit.
The security vulnerability was in the OnePlus’ US out-of-warranty repair invoicing system. It is run by a third-party vendor and could have only affected a small subset of US customers.
It could have exposed the details of customers through their unpaid invoices for out-of-warranty repairs. But the chance of such exploit is very low and even OnePlus’ internal audit confirmed “no evidence of any purposeful attempts to access these URLs”.
If it was ever exploited, then it could have revealed the following data of customers to the attacker.
- Order number
- Phone model
- IMEI
- Order date
- Name
- Address
- Phone number
- Email address
- Repair cost
Some of the previous infamous OnePlus security disasters include a credit card breach that affected 40,000 customers, orders information breach, and Shot on OnePlus App flaw.
UP NEXT: OnePlus to launch a Bug Bounty program, users can earn up to $7000 (49,000 CNY)
