OnePlus Says 40,000 Customers Exposed To Credit Card Security Breach

OnePlus is currently in the midst of investigating a credit card payment processing breach on its website, and we're now learning the full scope of the vulnerability. As promised, and adhering to its commitment to providing full disclose, OnePlus says that anyone that entered their credit card details (card numbers, expiry dates and security codes) via oneplus.net between mid-November 2017 and January 11, 2018 may have been exposed.

According to OnePlus, that means that as many as 40,000 customers are affected and could potentially begin seeing fraudulent charges on their credit cards (if they haven't already, like many other customers). The company is in the process of emailing customer that are potentially affected by this security breach.

OnePlus 5

After a thorough audit of its system, OnePlus discovered that a malicious script was injected into to the code for the webpage that processes payments, and in the process was able to retrieve credit card details. OnePlus goes on to say that it "quarantined the infected server and reinforced all relevant system structures."

OnePlus is quick to point out that anyone that paid for their purchase with a saved credit card or using PayPal (including Credit Card via PayPal) are not affected by this breach. Credit payment processing remains disabled on the site.

"We are working with our providers and local authorities to better address the incident," wrote the OnePlus Team in a forum posting. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future."

This latest security incident, coupled with OnePlus' previously lax policy regarding customer privacy might sour the company's efforts to cozy up with American's "Big Four" wireless carriers. Chinese counterpart Huawei has already found out the hard way that the U.S. government isn't receptive to such deals taking place.


Tags:  security, breach, OnePlus
Via:  OnePlus
Show comments blog comments powered by Disqus