Yet Another Data Breach, Indian Agency Cautions OnePlus Store Users
According to the latest advisory issued by CERT, OnePlus has informed the agency that less than 3,000 Indian customer orders at the company's online store were affected
In yet another instance of how the data one shares online is invariably vulnerable to potential leak, India’s main cybersecurity agency has issued an advisory to users of OnePlus online store. For the Chinese smartphone maker, which has made massive in-roads into the premium smartphone segment in the country, this is the second such reported breach in two years.
According to the latest advisory issued by India’s Computer Emergency Response Team (CERT), OnePlus has informed the agency that less than 3,000 Indian customer orders at the company’s online store were affected.
What Should Indian OnePlus Customers Do?
OnePlus has said that all affected users have been notified by e-mail and has clarified that sensitive payment information such as bank account details or passwords had not been leaked.
Details such as contact numbers, names, email addresses, order information and shipping addresses were reportedly exposed.
Despite OnePlus’ claims about passwords, CERT, which has given the incident a severity rating of ‘medium’, advised people to change their OnePlus store passwords and use a “strong” replacement.
“The kind of information exposed...can be abused to impersonate as victim and gain access to other accounts,” the agency said in its advisory.
It also said users could receive phishing and spam mails and they needed to be aware about those. It asked users not to open attachments or click on the links in unsolicited emails.
Twice in Two Years
In January last year, OnePlus reported a major security breach, where 40,000 users who had shopped on the online store had been affected.
Credit card numbers, expiry dates and security codes were leaked in the incident through a malware that was live for close to two months, the company had said.
The OnePlus breach comes close on the heels of multiple data breaches for Facebook-owned messaging service WhatsApp, bringing widespread attention to the idea of online data security across the world.