OnePlus has recently been in a lot of controversy surrounding the credit card fraud that occurred on their official store.
According to OnePlus’ official response, the company admitted having been attacked, while also announcing that up to 40,000 users at oneplus.net may be affected by the incident. The company states that they’ve already sent out emails to all the possibly affected users.
While OnePlus had claimed earlier that their server was secure, they did indeed suspend credit card payments. Now, the company has released more information about the purported hack and the customers affected.
According to the company’s investigation, one of their systems were hacked and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered. This malicious script operated intermediately and would send data directly from the user’s browser. OnePlus claim that they have now isolated the infected server and reinforced all relevant security measures.
The team states that users who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, might be affected. However, only credit card numbers manually entered during this period may be compromised. Users who made payments using previously saved credit card information, or via PayPal should not be affected.
As of now, OnePlus has sent out emails to the potentially affected users. Furthermore, they also urge the users to check their bank statements and get in touch with their banks to prevent any fraudulent charges. OnePlus have also shared an monitored email id: firstname.lastname@example.org, for its customers to report issues to the company. The team has further stated that they are working with their providers and local authorities to better address the incident as well as with their current payment providers to implement a more secure credit card payment method.