Published: Fri, January 19, 2018
Hi-Tech | By Grace Becker

OnePlus confirms security breach with a staggering number of affected users

OnePlus confirms security breach with a staggering number of affected users

"We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident". In a letter to its customers, along with a post on its forums, OnePlus apologised for the breach and stated that the card number, expiry date and security code had all been compromised.

The company believes that users who were not typing the details but using saved credit card details, PayPal account or the "Credit Card via PayPal" method have not been affected by this major security breach.

A malicious script on the OnePlus.net site secretly recorded customers' credit card details from November 2017-when the company's OnePlus 5T went on sale-to January 11. A lot of customers had been complaining how their credit card details have been misused ever since they purchased OnePlus phones online. We are working with our providers and local authorities to better address the incident. This allowed hackers to see the customer's credit card numbers, expiration dates and security codes - essentially all the information needed to use a card for a fraudulent payment.

Tamim Iqbal stars as Bangladesh hit 320 against Sri Lanka
The transaction was facilitated by Lagardère Sports, the global marketing consultant of Sri Lanka Cricket for Nidahas Trophy. Tamim shared a 71 run stand for the first wicket with Anumal Haque (35) before bing joined in the middle by Shakib.

A malicious script on the company's pages was inserted, harvesting the information from web browsers.

After learning that fraudulent charges were appearing on its customers' credit cards, smartphone maker OnePlus disabled support for credit card payments and launched an on-going investigation. While some originally suspected OnePlus' payment processor was to blame for the issue, it appears that the credit card payment process worked exactly as it was supposed to. The infected server has since been quarantined, but it's unclear how much damage the script did during the roughly two-month period, or how it evaded OnePlus' security in the first place.

"We can not apologise enough for letting something like this happen". As a result of the breach, OnePlus says it's continuing to work with law enforcement, and will offer a year of free credit monitoring to all affected users. The Verge reports that the company is now working to launch a more secure credit card payment processing system before it re-enables standard payments, with hopes that this OnePlus credit card breach never happens again.

Like this: