OnePlus admits up to 40,000 customers were affected by credit card security breach

“OnePlus has temporarily suspended all credit card payments on its global website”

Earlier this week, we reported news of an alleged security breach on OnePlus’s international e-commerce portal which was brought to notice by several users on the company’s forums. At the time, the company made an official statement saying that it would immediately begin investigating the matter. Now, post investigations, OnePlus has confirmed that there was a security breach on its website, and that up to 40,000 customers were affected by it.

oneplus_5t_product_shots_9The company had tied up with a third-party security agency for the investigation and claims that the security breach was caused owing to a malicious script which stole credit card information of users including the card number, expiry date as well as the security numbers. The company claims that the script captured the customer’s credit card information directly from their browsers while they were purchasing OnePlus products from the website.

OnePlus 5t featured
While the reports of fraudulent transactions have only been going around for a few weeks, OnePlus says that the script had been running on one of its payment-processing servers since mid-November. As of now, it is not known whether the cyber-attack was done remotely or if someone had physical access to the infected server. The company also claims that users who made their purchases via a saved credit card, credit card via PayPal account or through PayPal directly should not have been affected by the breach.

In a statement, a OnePlus spokesperson said that the company is contacting customers who were infected by the breach and was offering them a year of credit monitoring services for free. Credit card payments, for the time being, will remain suspended on the company’s official online store, even though the threat has reportedly been eliminated.

oneplus_5t_product_shots_11

“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down. We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future,” the company said on its forum post.

While the security breach was indeed a serious one, it’s worth mentioning that only customers who shopped on oneplus.net were affected, so users in India who made purchases on oneplusstore.in don’t have anything to worry about.

Source