OnePlus fixes a security vulnerability which could have exposed critical user data
A security flaw in OnePlus’ repair invoicing system was discovered
It affected US customers only
OnePlus has since fixed this, saying no user data was compromised
OnePlus has fixed a vulnerability in its out-of-warranty repair invoicing system, and claims it was done before it could have been exploited to gain customer details in the US. Tipster Eric Lang informed Android Police about this issue, which was subsequently patched by OnePlus. According to the company, it found no evidence of any purposeful attempts to access user data and no credit card or payment information was accessible.
According to a report by Android Police, the vulnerability was discovered on June 30. The third-party vendor which handles out-of-warranty repairs for OnePlus devices in the US, would send a link to customers to make the payment for the repairs. However, anyone with access to the link was able to see the customers details, such as name, order number, address, phone number, email, IMEI, etc. This was brought to light thanks to a tip sent by user Eric Lang, to Android Police who then reportedly worked with OnePlus to get this issue resolved.
This has affected only US customers and has been fixed on July 2, according to a statement from OnePlus. However, it's uncertain for how long this vulnerability existed. Previously, OnePlus was in the spotlight for a security issue which existed in the API of its ‘Shot on OnePlus' app, which leaked email address of individuals. Back in 2018, the integrity of the company's online store came into question, as users reported fraudulent transactions being made on their credit cards, which were previously used to purchase items from the company's website.
Is OnePlus 8 Pro the perfect premium phone for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.
Roydon Cerejo writes about smartphones and laptops for Gadgets 360, out of Mumbai. He is the Deputy Editor (Reviews) at Gadgets 360. He has frequently written about the smartphone and PC industry and also has an interest in photography. With over a decade of experience covering the consumer technology space, he is also an avid sci-fi movie and TV show geek and is always up for good horror flick. Roydon is available at firstname.lastname@example.org, so please send in your leads and tips.