OnePlus online shoppers were hit by a credit card breach that led to fraudulent activity on their cards. OnePlus has begun an urgent investigation to determine the extent of the breach and to assist its affected customers.
The company was made aware of the situation when its online customers began reporting transactions on their credit cards that were very clearly fraudulent. Upon investigation, OnePlus found that the credit card details of up to about 40,000 users had been stolen. These details were stolen by way of malicious code that had been injected into the company’s website.
According to a staff member at OnePlus, one of their systems had been attacked and a malicious script inserted into the code of the payments page. This gave the attackers the opportunity to retrieve sensitive information from customers as they were entering their credit card details. The script operated intermittently, capturing the details before encryption and sending the data straight from the user’s browser. The staff member has confirmed that they have since eliminated the malicious code from their website.
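A defender-side check for the kind of payment-page tampering described above, as an added example that is not from OnePlus or the original article: it audits a page's `<script>` elements against a reviewed baseline and reports anything unreviewed. The function names, the hosts under `shop.example` and the sample pages are constructed assumptions.

```javascript
const crypto = require('crypto');

// Base64 SHA-256 of inline script text (same digest form as a CSP hash source).
function sha256b64(text) {
  return crypto.createHash('sha256').update(text, 'utf8').digest('base64');
}

// Pull every <script> element out of our own rendered template (regex is adequate for that).
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /(?:^|\s)src\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    if (src) scripts.push({ kind: 'external', src: src[1] });
    else if (m[2].trim()) scripts.push({ kind: 'inline', hash: sha256b64(m[2]) });
  }
  return scripts;
}

// Report scripts that are not in the reviewed baseline.
function auditPaymentPage(html, baseline, pageOrigin) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.kind === 'inline') {
      if (!baseline.inlineHashes.has(s.hash)) {
        findings.push({ type: 'unknown-inline-script', hash: s.hash });
      }
    } else {
      const host = new URL(s.src, pageOrigin).host; // resolves relative src
      if (!baseline.scriptHosts.has(host)) {
        findings.push({ type: 'unknown-script-host', host });
      }
    }
  }
  return findings;
}

// Constructed sample data (not taken from the incident).
const ORIGIN = 'https://shop.example';
const APPROVED_INLINE = 'initCheckout();';
const baseline = {
  inlineHashes: new Set([sha256b64(APPROVED_INLINE)]),
  scriptHosts: new Set(['shop.example', 'cdn.shop.example']),
};
const cleanPage = `<html><script src="/js/checkout.js"></script><script>${APPROVED_INLINE}</script></html>`;
const tamperedPage = cleanPage.replace('</html>',
  '<script>/* unreviewed */ run();</script><script src="https://stats.unknown.example/a.js"></script></html>');
console.log(auditPaymentPage(tamperedPage, baseline, ORIGIN));
```

The same baseline hashes can be published as `'sha256-…'` sources in a Content-Security-Policy `script-src` directive, so the browser itself refuses unreviewed inline scripts.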
OnePlus has stated that the only users who could be impacted are those who entered their credit card information for the first time from mid-November 2017 to 11 January 2018. Users who paid using a previously saved credit card are not affected, nor are those who used PayPal directly or a credit card via PayPal, as they did not directly input any new information via the OnePlus site.
The company has apologized to OnePlus shoppers for letting the situation happen at all. It has also thanked its community for being vigilant and informed, and for reporting the problem. In the official post sent out by OnePlus, the company told its community that it pains them to have let their community down.
OnePlus has reassured its customers that it will contact the affected shoppers directly to address the incident. It is also working with local authorities and its own service providers to address the situation. The company has additionally offered affected customers a year’s worth of free credit monitoring, and it has suspended all credit card transactions on its site for the time being.
The company is urging shoppers who may have entered their credit card details on the OnePlus payment page for the first time during the breach period, between mid-November and mid-January, to contact their banks to cancel the credit card used and to request a new one.
This is a safety precaution to ensure further customers do not fall victim to this breach, regardless of whether or not they have seen fraudulent activity on their credit cards. Additionally, the company is urging shoppers to contact their bank if they come across any charges to their card that they do not recognize, in order to initiate a chargeback as soon as possible.
The investigation is ongoing in order to find the culprits responsible for the breach. According to a OnePlus spokesperson, only one of their servers was affected by the malicious code injection; however, he was unable to state whether any other company-owned servers had been affected. The company has expressed its intention to be transparent in solving this problem, yet it has not confirmed whether it will release the full results of its investigation once it has been concluded.
This situation does not bode well for OnePlus’ reputation after a number of blunders in the past year that have left fans concerned about the brand. These blunders have raised questions about the security of personal data on OnePlus devices as well as the performance of the device during emergency calls.