Fixed a vulnerability in the mobile repair billing system, which has caused the personal data of many customers to be exposed
No one in this industry is free from sin, or rather, free from vulnerabilities and security breaches several, such as the one suffered by OnePlus in recent days. In fact, the best part is that the bug has already been fixed, but the bad news is that OnePlus users’ customer data has been exposed reason why it is possible to take extreme caution.
Apparently, the problem affected the billing system for your terminal repair service out of warranty, a system managed by an external company and that works only in the United States. That is why the feeling of tranquility is a little higher, because the vulnerability is very well limited, although the truth is that it seems to have exposed very important personal data.
Namely, the details that have been leaked include not only the IMEI of the repaired terminal and its data, but also the customer’s physical address, the email address or the name and phone number complete. A problem of capital proportions, which has been fixed very quickly at least …
From OnePlus they have rushed to inform their clients convincingly, stating that there is a small number of customers who are affected since the compromised data does not involve the entire user base that third company managed. According to colleagues from the Android Authority, the problem impacted only to customers with unpaid invoices at a certain time.
Add to this important detail the brand of the “Never Settle”, than the vulnerability was not fully exploited and that after an internal audit, all the identification details of this billing system have been removed, which it has also been replaced by a new tool redoubling security efforts:
Fixed a vulnerability on the website of our repair service provider in the United States. OnePlus customers in the United States who were required to pay for out-of-warranty repairs or those who chose to use our recently launched warranty exchange program were sent an exclusive external link to process their payment.
From the moment the payment link was generated and sent by email to the customer, and until the time the payment information was sent, both the customer’s name and the shipping address, the email address , the model and IMEI of the device were visible in that link. To ensure that process, an additional verification step will be required from now on.
After a thorough investigation together with the provider company, we have found no evidence of deliberate attempts to access these URLs.
Also, credit card details and payment information were never accessible under any circumstances.
We recommend you | The new cheap OnePlus will only be for sale in these countries
The Chinese company also says in its extensive statement that privacy is one priority for OnePlus, and apologize to users for any doubts or concerns that this vulnerability may have caused them. The security of own and third-party platforms are also being improved, improving internal processes and involving external suppliers more closely to guarantee the safety of their users.
Being safe on the Internet is basic so that our privacy is not affected, so if you have requested to repair your OnePlus out of warranty Ideally, you should still change passwords as soon as possible and, in any case, activate all the services that support the two-step verification.
At Andro4all | Why mobiles are becoming more expensive, and the reasons that justify it
Follow all the Android news on our official Telegram channel, we are more than 50,000 members!