Earlier this week, several people who had shopped at the OnePlus online store reported they were seeing fraudulent transactions on their credit cards, at the time company analysis they also apology for issue. Chinese smartphone maker Oneplus says up to 40,000 user affected may have had their credit card details stolen. Customers who entered their credit card details on OnePlus’ payments page between mid-November, 2017 and January 11, 2018, stand exposed to the risk of being hacked.
How did it happen?
The company clarified that one of their systems was attacked, Oneplus says up to 40,000 user affected and a malicious script was injected into the payment page code to read credit card information while it was being entered by the users. The script reportedly operated intermittently, recording and sending data directly from the users’ browser.
We cannot apologise enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down,” the post said.
OnePlus added that it is contacting the potentially affected customers directly and it is “working with our providers and local authorities to better address the incident.
What steps has OnePlus since taken?
We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.”
Credit card payments will remain suspended on the OnePlus.net store until the investigation is complete, with customers able to purchase items through PayPal in the meantime. OnePlus says it is working to implement a more secure credit card payment method before it re-enables them.
Last week, OnePlus CEO Pete Lau told CNET that it is exploring partnerships with US carriers, but a spokesperson confirmed that this security breach will not change anything in terms of OnePlus’ online sales strategy. The company currently does not have plans to move its store to Amazon or another e-commerce platform.