OnePlus finally confirmed what most of us already knew: they were indeed the victim of a massive credit card security breach that has reportedly affected more than 40,000 of their customers. The Chinese OEM was investigating complaints that there were unexplained charges on people’s credit cards after they bought something from the website’s online store. They said they “cannot apologize enough for letting something like this happen” and they are currently working on making sure this will not happen again.
The result of their still ongoing investigation showed that a malicious script was injected into their payment page code which allowed an obviously nefarious party to get credit card information of customers. They have since then been able to eliminate the code and also quarantine the infected server. Customers who bought something from the website between November 2017 and January 11, 2018 and entered their credit card info have been affected. But those who paid using saved credit cards or Credit Card via PayPal were not affected.
OnePlus has already emailed the affected users, informing them that their credit cards may have been compromised. Users will have to get in touch with their respective credit card companies to reverse the charges. The OEM is also still working with law enforcement to better address the incident. They are also working with payment providers to ensure that this will not happen again in the future.
This is actually a big blow for OnePlus in terms of customer’s trust in their system. Even though they are working on making sure there’s no repeat, people will probably think twice about buying something from their online store again.
January 19, 2018 at 05:03PM