If you bought a OnePlus phone recently, check your credit card statement

Compartir

Although, the security breach will certainly impact on the reputation of the company yet OnePlus is applying several remedies to get out of the situation.

Earlier this week, customers were reporting fraudulent transactions on their credit cards following a purchase on the OnePlus website. Today we're getting the first results from that investigation, and things aren't looking good for OnePlus or its users. Customers who had credit cards on file with OnePlus but who didn't make a purchase in that timeframe aren't affected, and neither are users who paid with PayPal.

Up to 40,000 people were caught out by hackers who stole credit card details from the site of phone maker OnePlus.

OnePlus also clarified that users who paid via a saved credit card should not be affected; Users who paid via the Credit Card via PayPal option are not affected, and users who paid via PayPal are not affected too.

"Only a small subset of our customers is affected", a spokesperson for the company told TechCrunch.

If you notice any potential system vulnerabilities, please report them to security@oneplus.net.

Crooks were quick to start plundering victims' accounts using the swiped information, going on shopping sprees with the stolen card data. They'll issue a chargeback to prevent any financial loss.

Mulvaney requests 'zero' money for CFPB
Yes! It is exactly what it seems like as Mulvaney hasn't requested a penny from the Federal Reserve. Instead, it would be taking a closer to make sure the agency was complying with the law.

For the time being, credit card transactions on OnePlus.net will remain suspended until the company completes its investigation.

According to the OnePlus official forum, "The malicious script operated intermittently, capturing and sending data directly from the user's browser".

OnePlus says it has eliminated the malicious script in question and stopped using the infected server, so the problems shouldn't persist.

On top of that, the Fidus researchers discovered that OnePlus's payments page wasn't compliant with the UK Cards Association's PCI-DSS standard, contrary to the company's claims. This data includes the card number, expiry date and security code that you entered at oneplus.net.

In a post on its community forums, the firm said it "cannot apologize enough for letting something like this happen", after some customers reported hundreds of pounds in fraudulent charges. This token is stored in our system, but it's impossible for us to decrypt it and access your card info.

Payment fraud is a perennial concern with all online payments. You're nearly certainly off the hook for any fraudulent use as long as you report what you've seen in a reasonable timeframe.

Compartir