On November 13, 2019, the Organization received a monitoring alarm system warning, which showed abnormal behavior in its after-sales service API portal. The Organization investigated and discovered that between October 30 and November 13, 2019, an unauthorized individual registered for an account and used it to access the after-sales pickup and dropoff services IMEI lookup page. Through the lookup page, registered users may find order information using the IMEI number (i.e., the International Mobile Equipment Identity number found on smartphones). The unauthorized individual was able to access data relating to other users and their orders.

File Type: pdf
File Size: 614 KB
Categories: 2020