Less than 3000 one-plus smartphone users were claimed to be affected by a recent one-plus data breach. One-plus is known to have had previous data breaches. Customers are advised to change their password. Data leaked involves name, address, email. The nature of data revealed maybe used for impersonation and indirect access to other accounts.
Recently, in 2018, one-plus faced a data security breach that affected 40,000+ customers
Why It Happened ?
Due to a vulnerability, there was unauthorized access and customer information was accessed. Fortunately no passwords were compromised. Data leaked included email, name, shipping address. According to the company, their security team did a thorough check to make sure there was no more such bugs. And have revealed that they would launch a bug bounty program by the end of december
What Can You Learn ?
The above attack used various loopholes at various stages and we can list a few mitigation steps from it.
- Testing frequent test (daily,quaterly) can help keep bugs in check along with malicious access and intent red flag alerts
- Third Party Security measures to make sure any vulnerability doesn’t affect one’s own customers
- PII regulations within the company for careful distribution of PII. Collection of PII only restricted to only when absolutely necessary
- Third Party Risk Assessment Modern tools enable one to understand the threat landscape arising from their vendors
References
https://telecom.economictimes.indiatimes.com/news/oneplus-data-breach-indias-cybersecurity-agency-says-around-3000-oneplus-users-data-exposed/72246434
https://yourstory.com/2019/11/oneplus-data-breach-affected-customers
https://www.theverge.com/2019/11/22/20978455/oneplus-discloses-data-breach-names-numbers-emails-addresses-exposed
