So OnePlus has finally admits that more than 40,000 user’s credit card details have been breached and used in multiple fraudulent transactions who made purchases on its official website in the period of Mid-November 2017 to January, 2018.
“The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated,” OnePlus said on its official forum. “We have quarantined the infected server and reinforced all relevant system structures.”
So Who’s affected !
- Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised.
- Users who paid via a saved credit card should NOT be affected.
- Users who paid via the “Credit Card via PayPal” method should NOT be affected.
- Users who paid via PayPal should NOT be affected.
While OnePlus had claimed earlier that their all severs including payment gateways was secure but actually it was not.
According to the company’s investigation report, one of their systems were hacked and a malicious script was injected into the payment page code which silentily captures the credit card info while it was being entered by any user.
This malicious script operated intermediately and would send data directly from the user’s browser. OnePlus claim that they have now isolated the infected server and reinforced all relevant security measures and also suspended the payment gateway for the meantime at OnePlus’s website.
Also, OnePlus has sent out emails to all the potentially affected users. Furthermore, they also urge the users to check their bank statements from the bank and get in touch with their banks to prevent any fraudulent charges. OnePlus have also shared an monitored email id: firstname.lastname@example.org, for its customers to report issues to the company.
Furthermore, the company assured that it is working to create and implement a more robust and secure payment gateway but what about that customers who already loose their money ?