OnePlus patches security vulnerability exposing the personal info of some US customers
Recently, a vulnerability was spotted in the system that handles the invoices for out-of-warranty repairs of OnePlus devices in the States. The window for mischief was relatively small: customers would receive a link to make the payment for their repairs, but before they’d do that, anyone with access to the link would have had access to personal information such as names, address, phone number, email address. Some information about the device itself was also accessible: IMEI, phone model, order number and date.
The issue was noticed by a user and reported to AndroidPolice, which in turn made OnePlus aware of it. It was resolved a few days later.
That’s not the first time OnePlus has had to deal with holes in its security. Last year, the company’s database was breached and personal information of its clients was accessed. Luckily, in both cases the exposed data was relatively harmless, names and addresses that are harder to exploit, and not payment information such as credit card numbers.
OnePlus is always quick to respond and transparent about what has happened, which isn't necessarily a given.