from Hacker News

OnePlus Hit by Data Breach

by bbrks on 11/22/19, 9:08 PM with 48 comments

  • by grammarxcore on 11/22/19, 9:27 PM

    When I opened the link, I was hit with a modal for a raffle. I understand that it's the site's normal behavior and there's no way to single out a single thread (probably), but readers of this thread probably don't want to hand over data for a raffle.
  • by rvz on 11/22/19, 9:30 PM

    > But certain users' name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.

    That is personally identifiable information that has been breached. So the attackers can identify me with my shipping address, email and my name.

    Minus One Hundred Thousand from me.

  • by kissickas on 11/22/19, 9:30 PM

    My information got leaked by OnePlus last year and I got hit with some minor credit card fraud. At least I didn't get hit this time... One would think that companies would step up their security after a breach.
  • by xhruso00 on 11/22/19, 10:39 PM

    "We are deeply sorry about this" => we don't care much and we will try to hire not the cheapest dev around
  • by po1nter on 11/22/19, 9:52 PM

    > We took immediate steps to stop the intruder and reinforce security.

    How did they get in? And why wasn't the security "reinforced" in the first place?

  • by snovv_crash on 11/22/19, 10:55 PM

    I find it so funny that you have to pay a bank to hold your personal items safe in a safety deposit box, yet companies left, right and center are doing their best to acquire and hoard giant amounts of sensitive information without understanding the liability they create for themselves.

    My hope is that over the coming decade there is a mental shift, and personal information becomes seen as a risk rather than a resource.

  • by maximente on 11/22/19, 9:22 PM

    I get that use of the passive voice makes things more PR friendly, but the cynic in me feels that these should really be in the active voice:

    - Intruders breached OnePlus systems

    - On X date, unauthorized intruders accessed data in our systems

    etc.

  • by bassman9000 on 11/22/19, 10:09 PM

  • by unlinked_dll on 11/22/19, 9:56 PM

    I get that data breaches are their own class of problem, but I do find it ironic that people gave their contact/sales info to a company headquartered in Shenzhen and have any expectation of data protection/privacy.
  • by kabes on 11/22/19, 9:22 PM

    Ok, the breach shouldn't have been possible. But at least, when a breach does happen, this is a good example of how a company should communicate. First assessing who/what has been impacted, informing affected customers and a clear (could use some more detail) public statement. Of course, some laws like GDPR force them to do this, but in reality we still see enough big corporations handle this way worse on an almost daily basis.
  • by waterdownship on 11/23/19, 12:02 AM

    Lessons:

    1. Use pseudo name (nickname) for shipping, instead of full name

    2. Use company address instead of home one whenever possible

    Just think about how many people have to access your shipping data just to deliver an order to you, the online shop, the shipping company, the warehouse, the delivery guy.

    It's kind of hard to imagine all of them would have perfect bank-level security.

  • by neiman on 11/22/19, 10:13 PM

    "The name, contact number, email and shipping address within certain orders may have been exposed."

    I really hate that most companies force me to give a phone number when I buy something. Why do they need it? Why force it? I usually end up giving a fake one.

  • by ktm5j on 11/23/19, 3:14 PM

    FAQ from the article has some good info if anyone missed it: https://www.oneplus.com/support/faq22119102
  • by undersuit on 11/22/19, 10:22 PM

    Well darn, I just bought a OnePlus 7 Pro, checked my email, it's shipped! And I'm part of the data breach. :(
  • by heyflyguy on 11/22/19, 10:55 PM

    Basically all of our stuff is already out there. Is LifeLock of any help?
  • by unethical_ban on 11/22/19, 9:32 PM

    This was released a day or two after T-Mobile. Hmm...