OnePlus Reports Credit Card Breach Affecting Thousands of Customers

The Chinese smartphone manufacturer OnePlus admits that its credit card payment service was breached last week. According to the company's statement, an unknown hacking group has injected a malicious script into OnePlus online payment page and has been thus able to get access to the credit card information of around 40,000 customers. This data theft has happened in real time, affecting only customers who have inserted their credit card details during the purchase process.

The malicious script has operated intermittently, and it has captured the target data directly from the clients' web browsers, sending it afterward to the attackers' server. The breach concerns only customers who have entered their information like credit card number, security code and expiry date at oneplus.net online store in the period between mid-November 2017 and January 2018. On the other hand, customers who have made their payments through PayPal, or have used a saved credit card, have not been affected by the breach. This is due to the fact that the saved credit card info is being stored in an encrypted and secured format by OnePlus' payment processing partner.

OnePlus declares that the malicious script has been removed immediately after detection, and the infected server has been put under quarantine. Also, the company continues to investigate how the hackers managed to conduct this severe cyber attack. All potentially affected customers will be contacted and informed about the possible breach of their data and recommended to check their credit card statements for any unauthorized payments. The company states it will contact per email only buyers for whom it believes that their data has been breached.

Apparently, OnePlus confirms the attack only after there have been many complaints from customers who have purchased products from the company's online store, and have subsequently noticed unknown transactions on their credit cards. That has triggered the investigation of the issue and has led to the temporary disabled credit card payments service at oneplus.net online store. As it turns out, the damage has already been done, yet for OnePlus it is now very important to find the weak points in its systems so that any potential attacks could be prevented.