OnePlus issues statement as some buyers complain of credit card fraud

Andrew Cummings
January 16, 2018

OnePlus is investigating widespread reports of its customers confronting fraudulent activity on their credit accounts after purchasing a phone from the company. In a thread on the OnePlus subreddit referencing those support forums posts, quite a few users have noted credit card fraud of their own.

Over this past weekend, several OnePlus customers took to Reddit to air their grievances over having their credit card information taken after making a purchase on OnePlus' website. "While the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted".

No. Your card info is never processed or saved on our website - it is sent directly to our PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on their secure servers.

As such, many respondents did confirm that they faced such issue and some of them even detailed their experiences in the post. Going through the listing OnePlus has confirmed that only customers who made credit card payments are affected, not those who used PayPal. According to the company, credit card information is not processed or stored on its website.

Fidus also posited the idea that OnePlus was the victim of a serious breach, perhaps as the result of modified code in CyberSpace's Magento eCommerce plugin the company was believed to have used for payments processing. The company also used Magento e-commerce platform, which Fidus says is "a common platform in which credit card hacking takes place".

OnePlus has denied suggestions from a United Kingdom security firm that its e-commerce system was vulnerable to an old Magento eCommerce bug that cybercriminals were using to siphon card numbers.

Meanwhile, OnePlus has stated that if users suspect that their credit card info has been compromised, then they should check their card statement and contact their bank to resolve any suspicious charges. We're left with the promise that we'll be updated on the company's findings, so for now, it looks like we'll simply have to wait for more. The bank should help users initiate a chargeback and prevent any financial loss.

Other reports by iNewsToday