Data breach effect: OnePlus opens bug bounty programme

Last Updated 20 December 2019, 06:50 IST

Last month, OnePlus, suffered a data breach on its official e-commerce site and hackers reportedly stole the former's customers' personally identifiable information such a s name, contact number, email and shipping address.

Though there was no immediate risk of financial loss to the OnePlus phone owners, they were warned of phishing attempts by the bad actors and be wary of emails from unknown people. There was no official information on how many were affected, but CERT-In (Indian Computer Emergency Response Team) revealed that a little less than 3,000 Indian OnePlus mobile owners' personal details were stolen.

This was second such instance of a data breach for OnePlus in as many years. In January 2018, OnePlus e-store got hacked and the cybercriminals took away credit card details of more than 40,000 OnePlus phone owners. And, they made fraudulent transactions in international regions, leaving the victims poorer by hundreds of dollars and Euros.

After the recent incident, OnePlus owed to improve the firewall systems not just its e-commerce website, but the overall corporate network of the company. It announced to collaborate with world-renowned cybersecurity platform and initiate a bug bounty programme.

As promised, the company has commenced OnePlus Security Response Center and independent cyber security experts are invited to participate and win lucrative rewards.

"The global OnePlus Security Response Center will engage academics and security professionals to responsibly discover, disclose and remediate issues that could affect the security of OnePlus’ systems, and will help us proactively counter potential external threats to user security. Security researchers around the world can proactively search for and report OnePlus-related security issues through the new bug bounty program. Rewards for qualifying bugs reports will range from $50 to $7,000, depending on the potential impact of the threat,"

OnePlus bug bounty assessment and rewards:
The company says the reward will be determined based on vulnerability severity and actual business impact.

Interested cyber security experts can register and submit bugs and glitches to security.oneplus.com, the reward tiers are (US Dollars):
· Special cases: up to $7,000
· Critical: $750 - $1,500
· High: $250 - $750
· Medium: $100 - $250
· Low: $50 - $100

Also, the company is partnering white hat ethical hacking group HackerOne and will start a separate pilot program, wherein prominent researchers will be offered to test out OnePlus’ systems against potential threats. A public version of the program is expected to kick off in early 2020.

Stay tuned. Get the latest news on new launches, gadget reviews, apps, cyber security and more on personal technology only on DH Tech.

(Published 20 December 2019, 06:50 IST)

Follow us on