
OnePlus credit card fraud: 40,000 customers potentially at risk

OnePlus has reached out to potentially affected customers and asked them to check their credit card records for malicious activity.

  • Published: January 20, 2018 11:18 AM IST

In response to the credit card fraud on its official web store, OnePlus has started sending affected users an apology email. The email details how the attack that compromised customers' financial details was conducted, and what steps the company is taking to contain the damage.

Consumers who shopped on oneplus.net between October and December 2017 started reporting credit card fraud earlier this week. Users claimed they received notifications of fraudulent transactions on their credit cards. OnePlus has been investigating the matter since Monday and has now acknowledged that its systems were indeed affected, putting at risk some 40,000 users who shopped on its official website.

The company has sent out a notification email to all possibly affected users explaining how their information was compromised. In its official blog, OnePlus notes that the company’s systems were attacked and a malicious script was injected into the payment page code to extract credit card information while it was being entered.

In the email, OnePlus says that the malicious script has been eliminated and the infected servers have been quarantined. Without giving the exact figure, the company says some users who entered their credit card information between mid-November 2017 and January 11, 2018, may be affected by the attack. The compromised information includes credit card numbers, expiry dates, and security codes.

However, OnePlus claims that customers who paid with a saved credit card, via the “Credit Card via PayPal” method, or directly through PayPal should not be affected. Consumers are advised to check their credit card statements and report any suspicious activity to their bank immediately to prevent any loss. OnePlus has reached out to potentially affected customers and is working with its providers and local authorities to better address the incident.

Soon after the incident was reported, OnePlus disabled credit card payments on its platform to avoid further damage. The company said it was investigating and looking for alternative payment options but will only support payments via PayPal for now.

Meanwhile, security experts at Fidus Information Security said that OnePlus does not store or read customers’ card details, but the information still passes through its servers for a brief period before reaching the third-party payment company’s database. They had described a bug called Magento, which allows attackers to insert malicious JavaScript code to steal information.
