OnePlus Data Breach


In November 2019, OnePlus said that it had discovered that some of its users’ order information was accessed by an unauthorised party. This page explains more about how the OnePlus data breach happened. 

What happened in the OnePlus data breach?

In November 2019, OnePlus emailed customers to let them know that a data breach had put their personal information at risk. OnePlus confirmed that the hack resulted in customer order information falling into the hands of an unauthorised third-party.

Some customers received the email from OnePlus confirming their involvement in this hack, despite not purchasing a device from the company since 2018.

The details stolen by cybercriminals included:

It does not appear that payment information or account passwords were obtained during the intrusion.

A history of data protection failures at OnePlus

The 2019 data security incident wasn’t the first time that OnePlus had been involved in a data breach.

In January 2018, OnePlus revealed that 40,000 online customers had their credit/debit card data stolen because of a malicious script in the ordering process.

In the 2018 data breach, hundreds of customers reported fraud on their accounts after paying over the OnePlus website.

Victims of the OnePlus data breach were put at risk

OnePlus warned affected customers that they might become the victims of spam and phishing emails as cybercriminals use this data to extort more information and commit financial/identity fraud against them. Similar data breaches have resulted in fraud, blackmail, and identity theft, so victims of the OnePlus breach were at high risk of being targeted.

Oneplus data breach timeline

  • January 2018
    OnePlus admitted that up to 40,000 customers had been affected by a security breach that resulted in customer credit card information being stolen.
  • November 2019
    The OnePlus security team discovered another data breach when monitoring the company’s systems.

    OnePlus said that it had discovered that some of its users' order information was accessed by an unauthorised party. It said that payment information, passwords and accounts were safe but that impacted users could receive spam and phishing emails as a result of the incident. The company also began notifying affected customers. However, the company wouldn’t (or couldn’t) say how many people were involved in the breach

Your questions answered

See our answers to the FAQs we get asked about the OnePlus Data Breach.

How did the 2018 security incident happen?

According to a OnePlus spokesperson, the breach was discovered by the OnePlus security team when monitoring its systems. An unauthorised third-party/intruder was involved.

What data was accessed?

The details stolen by cybercriminals included:

Was my information accessed in the breach?

OnePlus informed all impacted users by email.