wordpress blog stats
Connect with us

Hi, what are you looking for?

‘Less than 3,000 Indians affected by the OnePlus data breach,’ says CERT-In

On November 26, the Indian Computer Emergency Response Team (CERT-In) said (archived here) that it had learnt that fewer than 3,000 Indians were affected by the OnePlus data breach which exposed the name, contact number, email and shipping address of certain users. CERT-In has given this breach a “Medium” rating, and has advised OnePlus users to change their account passwords, and not to open attachments and URLs in “unsolicited” emails. The Economic Times first reported this.

The number of Indians affected from the breach isn’t mentioned in the references that CERT-In has given in the advisory, suggesting that OnePlus provided this information to CERT-In directly.

OnePlus data breach: On November 22, the Chinese phone manufacturer had said that an “unauthorised party” had gained access to the order information of some of its users on its website. While it confirmed that names, contact numbers, email addresses and shipping addresses of its users “may have been” compromised, their “payment information, passwords and accounts are safe”.

  • OnePlus said that it took “immediate steps” to stop the intruder and make sure that there were no similar vulnerabilities in its system. However, as The Verge pointed out, this did not explain why it took the company a week to disclose the data breach.
  • The company said it had reached out to users whose account details might have been compromised to the extent that it told users who haven’t received an email from OnePlus that they would “rest assured” that their information was safe.
  • OnePlus will partner with a security platform next month, and will launch an official bug bounty program by the end of December. OnePlus hasn’t disclosed the name of the security platform that it’ll partner with.

Did OnePlus downplay the breach? OnePlus took a week to disclose the breach, and it is still unclear when exactly it notified CERT-In. As per a November 26 ET report, the company did not reveal if and when it had notified CERT-In of the breach. It only said that it was in the process of shifting its data to Amazon Web Services (AWS) India servers from Singapore. Quoting a legal expert, ET said that not reporting such an issue to CERT-In was an offence for which the company’s top brass could face consequences. CERT-In’s advisory came later that day, which could potentially mean that OnePlus notified the agency of the vulnerability only after media reports related to its non-reporting started to surface. We have reached out to OnePlus for clarification.

  • In an FAQ, the company only said that affected users might receive spam and phishing emails as a result of this incident even though the breach exposed sensitive personal information of people, including their shipping addresses and contact numbers.

OnePlus has been here before:

  • In June 2019, a security flaw in the ‘Shot on OnePlus’ app caused OnePlus to leak the email addresses and other personal information of hundred of its users.
  • In January 2018, OnePlus said that the credit card details of up to 40,000 users of oneplus.net may have been compromised by an attack on one of its systems.
  • In October 2017, a software engineer discovered that OxygenOS – OnePlus’s version of Android – was sending huge amounts of analytics data to the company.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

News

By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...

News

By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

You May Also Like

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ