wordpress blog stats
Connect with us

Hi, what are you looking for?

‘Less than 3,000 Indians affected by the OnePlus data breach,’ says CERT-In

On November 26, the Indian Computer Emergency Response Team (CERT-In) said (archived here) that it had learnt that fewer than 3,000 Indians were affected by the OnePlus data breach which exposed the name, contact number, email and shipping address of certain users. CERT-In has given this breach a “Medium” rating, and has advised OnePlus users to change their account passwords, and not to open attachments and URLs in “unsolicited” emails. The Economic Times first reported this.

The number of Indians affected from the breach isn’t mentioned in the references that CERT-In has given in the advisory, suggesting that OnePlus provided this information to CERT-In directly.

OnePlus data breach: On November 22, the Chinese phone manufacturer had said that an “unauthorised party” had gained access to the order information of some of its users on its website. While it confirmed that names, contact numbers, email addresses and shipping addresses of its users “may have been” compromised, their “payment information, passwords and accounts are safe”.

  • OnePlus said that it took “immediate steps” to stop the intruder and make sure that there were no similar vulnerabilities in its system. However, as The Verge pointed out, this did not explain why it took the company a week to disclose the data breach.
  • The company said it had reached out to users whose account details might have been compromised to the extent that it told users who haven’t received an email from OnePlus that they would “rest assured” that their information was safe.
  • OnePlus will partner with a security platform next month, and will launch an official bug bounty program by the end of December. OnePlus hasn’t disclosed the name of the security platform that it’ll partner with.

Did OnePlus downplay the breach? OnePlus took a week to disclose the breach, and it is still unclear when exactly it notified CERT-In. As per a November 26 ET report, the company did not reveal if and when it had notified CERT-In of the breach. It only said that it was in the process of shifting its data to Amazon Web Services (AWS) India servers from Singapore. Quoting a legal expert, ET said that not reporting such an issue to CERT-In was an offence for which the company’s top brass could face consequences. CERT-In’s advisory came later that day, which could potentially mean that OnePlus notified the agency of the vulnerability only after media reports related to its non-reporting started to surface. We have reached out to OnePlus for clarification.

  • In an FAQ, the company only said that affected users might receive spam and phishing emails as a result of this incident even though the breach exposed sensitive personal information of people, including their shipping addresses and contact numbers.

OnePlus has been here before:

  • In June 2019, a security flaw in the ‘Shot on OnePlus’ app caused OnePlus to leak the email addresses and other personal information of hundred of its users.
  • In January 2018, OnePlus said that the credit card details of up to 40,000 users of oneplus.net may have been compromised by an attack on one of its systems.
  • In October 2017, a software engineer discovered that OxygenOS – OnePlus’s version of Android – was sending huge amounts of analytics data to the company.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ