OnePlus Confirms Credit Card Breach – Nearly 40,000 Customers Fall Prey To A Major Security Breach
OnePlus has been dealing with a lot of security problems in the past few months but it seems that things just went a whole lot worse for the company. A lot of customers had been complaining how their credit card details have been misused ever since they purchased OnePlus phones online through the official website. The company had denied this and released a statement that they cannot store payment details of the customers and hence it was not possible. However, it seems that these statements hold no value anymore. The company has finally confirmed a breach in its online system!
Major Breach In OnePlus Servers
The Chinese smartphone manufacturer finally released a statement today and admitted that the credit card details of around 40,000 customers have been stolen by a hacker whose identity remains unknown. This happened between mid-November 2017 and January 11, 2018. The company said that the attacker had managed to inject a malicious script on to the payment page code. Using this, the attacker managed to steal credit card information as it was being entered by the customers. The script captured credit card information that included everything from card numbers to security codes.
According to the OnePlus official forum: “The malicious script operated intermittently, capturing and sending data directly from the user's browser. It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures."
The company believes that users who were not typing the details but using saved credit card details, PayPal account or the ‘Credit Card via PayPal’ method have not been affected by this major security breach.
The issue is still under investigation and the company aims to carry out an in-depth security audit to find the culprits behind this mess and to discover how a malicious script was injected into its servers. Till the matter is handled, credit card payments will be disabled. Users can continue using PayPal.
"We are eternally grateful to have such a vigilant and informed the community, and it pains us to let you down," the company said. "We are in contact with potentially affected customers. We are working with our providers and local authorities to address the incident better."
The company is also getting in touch with the customers who were affected by the breach and is advising them to keep a close watch on their bank account statements in case any suspicious activity occurs in the future. The company is also considering offering a year long subscription of credit monitoring service for free to all the customers who were affected.