14 DAY TRIAL // OnePlus has confirmed today in a public statement that a security breach, discovered earlier this week on its online store, put credit card data of about 40,000 customers in the hands of hackers.
There were various reports lately from many customers who brought OnePlus smartphones from the company's online store about unknown transactions on their credit cards, transactions that they did do and that appeared after their OnePlus purchases.
These reports came from customers who paid directly with their credit cards instead of using a third-party payment service like PayPal, which masks customer's credit card information and it's very secure. OnePlus investigated the issue and temporarily disabled credit card payments on its online store at oneplus.net.
After a little more investigation, it would appear that approximately 40,000 customers may have been exposed to the security breach, as OnePlus confirmed in an update earlier today. The company apologized to users and said it would send emails only to users that they think they were potentially affected by the security breach.
"We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident," said one of OnePlus' employees in a public statement. "We have sent out an email to all possibly affected users."
Here's what happened and who's affected
According to OnePlus, their credit card payment service was breached by some unknown hacking group that injected a malicious script directly into the payment page code to steal credit card information in real-time when customers entered their data. OnePlus says the malicious script operated intermittently.
Meaning that it could capture and send credit card of OnePlus customers data directly from their web browser. The malicious script was immediately removed and the infected payment server quarantined for further investigation to discover how the hackers were able to breach it.
Affected users include all customers who entered their credit card information, such as card numbers, expiry dates and security codes, on OnePlus' online store at oneplus.net between mid-November 2017 and January 11, 2018. OnePlus said that those who paid via a saved credit card or PayPal aren't affected.
The company is currently in the process of contacting customers that they believe are potentially affected by the security breach to inform them about the attack, and recommends them to immediately check credit card statements and report any unknown charges to the card issuer.