OnePlus Has Reportedly Leaked Hundreds of Emails Addresses
Online privacy has been one of the focal points in recent news as major internet companies are constantly coming under scrutiny over their business practices that involves user data. While companies are focused towards keeping security intact in their products, often there are leaks which contain sensitive user data. According to a recent report by 9t5Google, Shot on OnePlus has been leaking its users’ emails.
If you own OnePlus device, Shot on OnePlus allows you to upload photo using the app and then share it to other OnePlus users. However, as the report pointed out, the API used in the app to connect you to the manufacturer’s server is highly unprotected. Using an access token, you can use an API to collect information of users who use the service. This information includes: name, email address, country of residence as well as phone model among many.
If you manage to access the API, you will also have access to the Shot on OnePlus gid which will allow you to collect data of without users’ knowledge. Interestingly, OnePlus was aware of the issue since May and shortly after 9to5Google contacted them, they made several changes to obscure the email addresses. However, it’s unclear how much of the stored data was compromised due to the vulnerability.