On November 26, the Indian Computer Emergency Response Team (CERT-In) said (archived here) that it had learnt that fewer than 3,000 Indians were affected by the OnePlus data breach which exposed the name, contact number, email and shipping address of certain users. CERT-In has given this breach a “Medium” rating, and has advised OnePlus users to change their account passwords, and not to open attachments and URLs in “unsolicited” emails. The Economic Times first reported this. The number of Indians affected from the breach isn’t mentioned in the references that CERT-In has given in the advisory, suggesting that OnePlus provided this information to CERT-In directly. OnePlus data breach: On November 22, the Chinese phone manufacturer had said that an “unauthorised party” had gained access to the order information of some of its users on its website. While it confirmed that names, contact numbers, email addresses and shipping addresses of its users "may have been" compromised, their “payment information, passwords and accounts are safe”. OnePlus said that it took “immediate steps” to stop the intruder and make sure that there were no similar vulnerabilities in its system. However, as The Verge pointed out, this did not explain why it took the company a week to disclose the data breach. The company said it had reached out to users whose account details might have been compromised to the extent that it told users who haven't received an email from OnePlus that they would "rest assured" that their information was safe. OnePlus will…
