Science

Impacted by OnePlus Breach

Impacted by OnePlus Breach

Up to 40,000 customers of smartphone vendor OnePlus may have had their credit card information stolen, the company said on Friday. This includes credit card numbers, expiration dates and security codes. The company says users who purchased items from its website between mid-November and January 11 stand at risk, though not if they used a credit card saved before that time or any of the PayPal-related payment options. For now, OnePlus has disabled its credit card payment system, and is currently only accepting purchases through PayPal. "The malicious script operated intermittently, capturing and sending data directly from the user's browser". Still, standard credit card payments with standard entry make up a large portion of an online company's sales, so this OnePlus credit card breach that leaked thousands and thousands of credit cards is no doubt extremely severe - despite a company spokesperson stating that the customers exposed to the attack only "represent a small subset" of its total customers. Everyone else may want to verify their recent card statements and report any suspicious charges to their bank.

We have contacted potentially affected users via email. It also says that customers that paid via a saved credit card, a credit card processed via PayPal, or through a PayPal account should not have been affected by the breach.

OnePlus is still investigating if the malicious script was loaded onto its servers remotely or if someone had physical access to the machine.




The company said, "We are eternally grateful to have such a vigilant and informed the community, and it pains us to let you down. They will help you initiate a chargeback and prevent any financial loss", OnePlus said. If you were one of the 40,000 people affected, OnePlus should be reaching out soon with a free year of credit monitoring.

Going forward, the OEM wants to avoid similar attacks by implementing a more secure credit card payment method, as well as conducting an in-depth security audit.

It isn't clear who was behind the hack, but OnePlus is working with its payment providers and local authorities to address the incident.