Chineses smartphone manufacturer OnePlus has finally confirmed that its online payment system was breached and credit card information owned up to 40 thousand customers
Chinese smartphone manufacturer OnePlus has reported that its online payment system was breached and credit card information owned up to 40 thousand customers were stolen by an unidentified hacker. The breach was taken between the middle of November 2017 and January 11, 2018.
On the report of the company, the hacker targeted it's computer systems and injected a malicious script into the payment page code to sniff out credit card information while it was being entered by the customers on the site for making payments.
OnePlus Staff Member Mingyu said:
One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered. The malicious script operated intermittently, capturing and sending data directly from the user's browser. It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures.
Who are and who aren't affected?
- Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised.
- Users who paid via a saved credit card should NOT be affected.
- Users who paid via the "Credit Card via PayPal" method should NOT be affected.
- Users who paid via PayPal should NOT be affected.
In a meantime, OnePlus credit card payments will remain disabled until in-depth security audit investigation is completed but users can make purchases through PayPal.
OnePlus has notified all affected customers via an email and give pieces of advice that to keep a close eye on their bank account statement for any fraudulent charges. The company is also looking into offering a one-year subscription of credit monitoring service for free to all affected customers.