1 min read

OnePlus hacked; credit card info of 40,000 customers compromised

Filip TRUȚĂ

January 22, 2018

OnePlus hacked; credit card info of 40,000 customers compromised

Hackers attacked the web site of smartphone manufacturer OnePlus and compromised credit card information of up to 40,000 customers, the Shenzhen, China-based company has confirmed.

In a January 19 forum post, OnePlus reveals a malicious script was injected into its payment page code after hackers successfully penetrated one of its systems. The script ran intermittently but could sniff out credit card information as it was entered.

“We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users,” the company says.

“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”

The phone maker reveals that oneplus.net had been under attack for an extended period – from mid-November 2017 to January 11, 2018. Credit card information (including card numbers, expiry dates and security codes) entered at oneplus.net during this time “may be compromised,” the company says.

Customers shopping with a “saved” credit card (i.e. who didn”t have to enter the information manually) should not be affected. The same applies to users who paid with “credit card via PayPal,” and users who paid with PayPal itself.

The threat has since been eliminated, and OnePlus has quarantined the infected server. The company is working with payment providers and local authorities to better understand how hackers infiltrated its systems. As it conducts its audit, OnePlus is also implementing “a more secure” credit card payment method.

In the meantime, customers who received OnePlus”s email about the hack are instructed to check their card statements and report any suspicious activity to their bank. Users who happen upon “potential system vulnerabilities” on the oneplus.net website are urged to report them to security@oneplus.net.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read