OnePlus hack exposed credit card info of up to 40000 people

Yolanda Curtis
January 19, 2018

OnePlus in an official statement posted on its forums has confirmed that sensitive banking information including credit card numbers, expiry dates, and security codes of various OnePlus smartphone's users may have been compromised.

OnePlus is looking into providing a year of free credit monitoring for affected users.

Soon after, the company announced that it was disabling credit card payments on its website, as it continued to research the incident. Still, standard credit card payments with standard entry make up a large portion of an online company's sales, so this OnePlus credit card breach that leaked thousands and thousands of credit cards is no doubt extremely severe - despite a company spokesperson stating that the customers exposed to the attack only "represent a small subset" of its total customers. Reached for comment, a OnePlus representative offered no further details beyond the company's statement. OnePlus says that as many as 40,000 of its customers were affected by the breach. The infected server has since been quarantined, but it's unclear how much damage the script did during the roughly two-month period, or how it evaded OnePlus' security in the first place.

Until the investigation is completed, credit card payments on the OnePlus online store will be suspended, with customers urged to complete payments via PayPal in the meantime.

"We can not apologize enough for letting something like this happen". However, it didn't affect everyone: Users who paid via a saved credit card, PayPal or with the "Credit Card via PayPal" method should not be affected. An investigation into potential culprits is still ongoing, and while a spokesperson insists only one server was affected, he was unable to confirm whether the vulnerability existed in other company-owned servers as well.

OnePlus advised users to watch their credit card statements for unusual activity and to email its security team if they notice other problems.

Going forward, the OEM wants to avoid similar attacks by implementing a more secure credit card payment method, as well as conducting an in-depth security audit.

It isn't clear who was behind the hack, but OnePlus is working with its payment providers and local authorities to address the incident.

Other reports by iNewsToday