Ok, the breach shouldn't have been possible. But at least, when a breach does happen, this is a good example of how a company should communicate. First assessing who/what has been impacted, informing affected customers and a clear (could use some more detail) public statement. Of course, some laws like GDPR force them to do this, but in reality we still see enough big corporations handle this way worse on an almost daily basis.
As an example of an initial notification, maybe. However, that has to be followed up with a full post mortem. I see zero information about what happened or what steps are being taken.
They're still figuring that all out. The second post in the thread is about all they know probably. I only got my email about the breach an hour before the post was made.
I'm not sure I agree. The purpose of the passive voice is to promote or bring into focus the object or "patient" argument. In this case, the topic is really OnePlus' systems the fact that its security was compromized. The identity and nature intruders is not the focus and is probably not even known, so the passive voice makes sense.
When I opened the link, I was hit with a modal for a raffle. I understand that it's the site's normal behavior and there's no way to single out a single thread (probably), but readers of this thread probably don't want to hand over data for a raffle.
"Impeachment" Is A Diversion And A Delay: President of the United States, Donald J. Trump, raped and killed 15 boys in Buffalo, NY on 10Jan2019. Complete and uncut audio of it all, along with Pelosi, Obama, and Schumer's direct involvement. 295+ boys die here in Jan2019 from high profile rapists
\\Full and uncut audio from 10th January 2019. Download the mp3 file, put on head phones, and turn the volume all the way up.
\\Previously reported: This is audio of the President, Donald Trump, demanding a four billion dollar bribe from child rapists to “take a blind eye” on January 3rd, 2019. Trump becomes one on January 14th, 2019. Also, this is the big reason the major networks do not report any of it. (Media moguls are in on it also)
//Download the video, turn the volume all the way up and put head phones on. Note: there is not much to see in the video, the audio is picked up from another [illegal surveillance] system. Trump is on a call from with Henry Porter and Gigi Hadid. See page 63. Bribe demand at 10:18am:
//On January 18th, 2019 at 8:31am (see page 8) Trump acknowledges the FOUR billion dollar bribe and says: "Let's get it done and get to fucking some kids." Video link below:
//The major reason this has not been reported by the major news networks is right here. Lester Holt of NBC Nightly News, apparently a member of the Illuminati since the 1980's, along with ABC Nightly News lead anchor David Muir, stop over to the Porter studio in Buffalo on January 14th, 2019 at 5:00 am. They both rape and kill about two dozen boys by 6:00 am. David Muir starts around 5:12 am, then Holt about 5:36 am. Multi-billionaire Rupert Murdoch, owner of News Corp & Fox Corporation, takes his turn after Holt. Video links below:
\\Adding to the (media protection) reason this is not picked up by the media, CBS and Viacom owner Sumner Redstone and Leslie Moonves rape and kill several boys following ...
My information got leaked by OnePlus last year and I got hit with some minor credit card fraud. At least I didn't get hit this time... One would think that companies would step up their security after a breach.
I bet security breaches for companies are more like heart complications for humans. Once you’ve been to the hospital once for one, you’re statistically more likely to have another incident.
> But certain users' name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.
Those are personally identifiable information that has been breached. So the attackers can identify me with my shipping address, email and my name.
I get that data breaches are their own class of problem, but I do find it ironic that people gave their contact/sales info to a company headquartered in Shenzen and have any expectation of data protection/privacy.
To say American and Chinese companies are operating on the same part of the spectrum shows how ignorant your comment is. Fwiw, the Chinese govt might have access to all the data on your OnePlus phone and you won't have any idea about it.
American system is driven by rule of laws. Legislature and Judiciary are two independent branches. It is not like China where Executive says something and then Judiciary is scared to act against it because, tomorrow, they may end up in a training camp.
The great thing about OnePlus phones is that nearly all of them have LineageOS support. I just install this over OxygenOS. Also when I installed OxygenOS, I recall it asking if I wanted to provide analytics to them in the setup process.
"The name, contact number, email and shipping address within certain orders may have been exposed."
I really hate that most companies force me to give a phone number when I buy something. Why do they need it? Why forcing? I usually end up giving a fake one.
But it can be if you require. Billing address verification can be important for higher value transactions. Some sites won't ship to an address other than the billing address.
We are reaching out to you directly as we have discovered that part of your order information was accessed by an unauthorized party. We can confirm that your payment information, password and account are safe, but your name, contact number, email and shipping address may have been exposed.
We took immediate steps to stop the intruder and reinforce security. Right now, we are working with the relevant authorities to further investigate this incident and protect your data.
We wanted to notify you of this so that you can be alert to people pretending to be OnePlus to get further information from you, or people asking you to buy products or services from them. OnePlus will never ask you for your passwords, and any financial information should only be provided via a secure payment page on the OnePlus website or one of our partners if you are buying products from us.
We are deeply sorry about this, and are committed to doing everything in our power to prevent further such incidents. We will continue to investigate and update you as we learn more. In the meantime, please contact us with any questions or concerns at Customer Support.
I find it so funny that you have to pay a bank to hold your personal items safe in a safety deposit box, yet companies left right and center are doing their best to acquire and hoard giant amounts of sensitive information without understanding the liability they create for themselves.
My hope is that over the coming decade there is a mental shift, and personal information becomes seen as a risk rather than a resource.
1. Use pseudo name (nickname) for shipping, instead of full name
2. Use company address instead of home one whenever possible
Just think about how many people have to access your shipping data just to deliver an order to you, the online shop, the shipping company, the warehouse, the delivery guy.
It kind of hard to imagine all of them would have perfect bank-level security.
This is why I pay for a USPS box every year without batting an eyelid. They also provide a physical address for vendors that demand that, presumably because they exclusively use UPS or Fedex - works fine.
52 comments
[ 3.1 ms ] story [ 119 ms ] thread- Intruders breached OnePlus systems
- On X date, unauthorized intruders accessed data in our systems
etc.
\\Full and uncut audio from 10th January 2019. Download the mp3 file, put on head phones, and turn the volume all the way up.
https://drive.google.com/file/d/18lTt_YKFEtsV6YDNzXFVQYLkStY...\\Previously reported: This is audio of the President, Donald Trump, demanding a four billion dollar bribe from child rapists to “take a blind eye” on January 3rd, 2019. Trump becomes one on January 14th, 2019. Also, this is the big reason the major networks do not report any of it. (Media moguls are in on it also)
//Download the video, turn the volume all the way up and put head phones on. Note: there is not much to see in the video, the audio is picked up from another [illegal surveillance] system. Trump is on a call from with Henry Porter and Gigi Hadid. See page 63. Bribe demand at 10:18am:
https://drive.google.com/file/d/1Grdr8xF2psKNsuYlEnl9dIRV-77...//President of the United States, Donald Trump, rapes and kills his first boy at 6:32am. Video link below:
https://drive.google.com/file/d/154QvA5hwyHGYIVXtod1ZbsOHFUJ... https://drive.google.com/file/d/19UkqmnMwZiWy7xxWngltqwoKLTJ...//On January 18th, 2019 at 8:31am (see page 8) Trump acknowledges the FOUR billion dollar bribe and says: "Let's get it done and get to fucking some kids." Video link below:
https://drive.google.com/file/d/1bVTcGq5Z9oOSAiOQcKYrmuK4Two...//The major reason this has not been reported by the major news networks is right here. Lester Holt of NBC Nightly News, apparently a member of the Illuminati since the 1980's, along with ABC Nightly News lead anchor David Muir, stop over to the Porter studio in Buffalo on January 14th, 2019 at 5:00 am. They both rape and kill about two dozen boys by 6:00 am. David Muir starts around 5:12 am, then Holt about 5:36 am. Multi-billionaire Rupert Murdoch, owner of News Corp & Fox Corporation, takes his turn after Holt. Video links below:
https://drive.google.com/file/d/1i7NKepeyG_FfdQRrM7KsnFOZOOX... https://drive.google.com/file/d/1NZzgN5ilI7ToroU5cfqMaL4o2u1...\\Adding to the (media protection) reason this is not picked up by the media, CBS and Viacom owner Sumner Redstone and Leslie Moonves rape and kill several boys following ...
Those are personally identifiable information that has been breached. So the attackers can identify me with my shipping address, email and my name.
Minus One Hundred Thousand from me.
How did they get in? and why wasn't the security "reinforced" in the first place?
https://www.theguardian.com/business/2016/oct/25/att-secretl...
American system is driven by rule of laws. Legislature and Judiciary are two independent branches. It is not like China where Executive says something and then Judiciary is scared to act against it because, tomorrow, they may end up in a training camp.
https://www.theverge.com/circuitbreaker/2017/10/11/16457954/...
I really hate that most companies force me to give a phone number when I buy something. Why do they need it? Why forcing? I usually end up giving a fake one.
We are reaching out to you directly as we have discovered that part of your order information was accessed by an unauthorized party. We can confirm that your payment information, password and account are safe, but your name, contact number, email and shipping address may have been exposed.
We took immediate steps to stop the intruder and reinforce security. Right now, we are working with the relevant authorities to further investigate this incident and protect your data.
We wanted to notify you of this so that you can be alert to people pretending to be OnePlus to get further information from you, or people asking you to buy products or services from them. OnePlus will never ask you for your passwords, and any financial information should only be provided via a secure payment page on the OnePlus website or one of our partners if you are buying products from us.
We are deeply sorry about this, and are committed to doing everything in our power to prevent further such incidents. We will continue to investigate and update you as we learn more. In the meantime, please contact us with any questions or concerns at Customer Support.
My hope is that over the coming decade there is a mental shift, and personal information becomes seen as a risk rather than a resource.
https://blogs.findlaw.com/law_and_life/2019/07/safe-deposits...
1. Use pseudo name (nickname) for shipping, instead of full name
2. Use company address instead of home one whenever possible
Just think about how many people have to access your shipping data just to deliver an order to you, the online shop, the shipping company, the warehouse, the delivery guy.
It kind of hard to imagine all of them would have perfect bank-level security.
Many publicly accessible government records have address information.