OnePlus found leaking user data
News category: Hacking
Source: ehackingnews.com
According to the report, OnePlus has been leaking names and email addresses of hundreds of its users through the "Shot on OnePlus" application, which allegedly carries a security flaw. The app offers you a place to upload photos taken by your OnePlus device to be featured as wallpapers by OnePlus users globally.
As the name suggests, "Shot on OnePlus" allows users to upload their photos from the phone or from a website (for which they need to be logged in to the OnePlus account) and set user-submitted photos as their wallpaper. Users can also adjust their profile, including their name, country, and email address, from the app and the website. OnePlus chooses one photo every day to feature in the app and on the website. According to 9to5Google, the API OnePlus used to make a link between their server and the app was "fairly easy to access" despite carrying private information about users. It said anyone with an access token could "do most actions" with the API. An API, or Application Programming Interface, is a software intermediary that allows two applications to talk to each other.
9to5Google said it discovered the "somewhat major" vulnerability in the API OnePlus uses for the app a couple of months ago, and that the company had already fixed it. It said it was unclear for how long users' data had been leaking in this way, but believed it had been happening since the launch of the "Shot on OnePlus" app many years ago.
The leak reportedly took place because of a flaw that was communicated to the company in early May but hasn't been completely patched despite a fix being rolled out.