OnePlus Phone Buyers May Have Suffered Credit Card Breach

For about 40,000 customers at OnePlus, things are not so good. The bad news is not related to the wait they may have before upgrading to OnePlus 6.

It appears that the OnePlus website has been hacked, and that the hackers made off with credit card information that included card numbers.

According to a prepared statement issued by the smartphone maker from China, a malicious script was put into the company’s payment page code and searched for information related to credit cards while the cards were entered into the system.

What that means is from the middle of November 2017 through January 11 of this year, any customer using a credit card on may have had their information stolen by hackers. Reports said that some OnePlus customers have already reported seeing fraudulent charges on their accounts.

In its prepared statement, the company said that the malicious script had operated on an intermittent basis, capturing and then sending data from the browser of the user. The statement went on to say that the script has been eliminated, and the company quarantined the server that had been infected, while reinforcing all system structures that were relevant.

OnePlus sent emails to all customers that it believes may have had their payment card data hacked, and noted that both the security codes as well expiration dates of cards could have been taken as well. The breach was investigated by Fidus Information Security a security research firm and they said that what they discovered is not good news for OnePlus.

According to a blogpost by Fidus, OnePlus appears not to be PCI compliant and that is not mentioned anywhere on the company’s official website.

PCI is Payment Card Industry Security Standard. According to Security Standards Council at PCI, standards are the technical and operational requirements for companies accepting and or processing card payment transactions, and for developers of software and makers of devices and apps used in the same transactions.

What Fidus is saying is that OnePlus might not have taken the steps needed to protect the data of its customers.

OnePlus said it is offering credit monitoring for one year to all affected customers.

This is just one more in a long list of companies that have been hit with security breaches over the last three to four years since e-commerce became so popular and almost anything can be purchased online today.