OnePlus confirmed that a security breach affected its online payment system, a few days ago many customers of the Chinese smartphone manufacturer claimed to have been the victim of fraudulent credit card transactions after making purchases on the company web store.
Dozens of cases were reported through the support forum and on Reddit, the circumstance that credit cards had been compromised after customers bought a smartphone or some accessories from the OnePlus official website suggests it was compromised by attackers.
On January 19, the company released a statement to admit the theft of credit card information belonging to up to 40,000 customers. The hacker stole the credit card information between mid-November 2017 and January 11, 2018 by injecting a malicious script into the payment page code.
The script was used by attackers to sniff out credit card information while it was being entered by the users purchasing on the web store.
“We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.” reads the statement.
“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered. The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated.”
OnePlus is still investigating the breach to determine how the hackers have injected the malicious script into its servers.
The script was used to sniff out full credit card information, including card numbers, expiry dates, and security codes, directly from a customer’s browser window.
OnePlus said that it has quarantined the infected server and enhanced the security of its systems.
Clients that used their saved credit card, PayPal account or the “Credit Card via PayPal” method are not affected by the security breach.
As a precaution, the company is temporarily disabling credit card payments at oneplus.net, clients can still pay using PayPal. The company said it is currently exploring alternative secure payment options with our service providers.
OnePlus is notifying all possibly affected OnePlus customers via an email.
“We are eternally grateful to have such a vigilant and informed the community, and it pains us to let you down. We are in contact with potentially affected customers. We are working with our providers and local authorities to address the incident better,” continues the statement.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
Pierluigi Paganini(Security Affairs – CIA Director, email hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and…
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL…
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial…
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code…
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations.…
This website uses cookies.
