40,000 credit card holders affected for buying products on OnePlus website
OnePlus has confirmed that the users who purchased products on the OnePlus website between mid-November to this January, have been affected.
OnePlus has been undergoing some serious security allegations about its official website lately. Last week, few of the Reddit users claimed that their credit cards were used in a fraudulent activity after purchasing on the OnePlus official website. This has been picked up by OnePlus and Fidus Information Security, where the Fidus security team had undergone the payment system and confirmed that there was a breach, which led to the fraudulent activity of the customer’s credit cards.
A spokesperson from the OnePlus team has confirmed that around 40,000 customers who purchased products with their credit cards on the OnePlus website in the time period between mid-November 2017 to January 11, 2018, have been affected. This means that their complete credit card information is out to the hackers and can be used for any fraudulent activity. The company suggests users who have undergone these transactions to check their credit card activity with respective banks, which is unusual for a company to suggest instead of having a secure payment system.
Fidus Information Security explained how the breach could have happened, which you can check here. The company also stated "the malicious script operated intermittently, capturing and sending data directly from the user's browser. It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures." OnePlus is also offering "one year of credit monitoring to affected customers," according to company’s spokesperson. OnePlus has also claimed that they do not store any credit card information and the payment transaction is handled by a third-party payment organisation.
OnePlus, for now, has disabled the credit card payment system on their website. But, users can still buy with their PayPal account, which wasn’t affected by the breach, the company said.