Credit Card Info Of Up To 40,000 OnePlus Customers Hacked

Credit card information of up to 40,000 OnePlus customers has been compromised, the Chinese phone maker said Friday as part of an update into its internal investigation initiated after some owners of its products started reporting credit card fraud. The Shenzhen, Guangdong-based company is now reaching out to all customers it believes may have been affected by the hack it suffered and will notify them of the development via email. It's currently unclear how long that effort will take but all potentially compromised users are likely to be alerted to the issue by the end of the week.

The attack was conducted via a "malicious script" inserted into the page which accepts credit card information and sends it to the firm's payments partner, as suggested by OnePlus. The short interval during which the page sends sensitive information before the cloud partner encrypts it likely provided the necessary opportunity for the attackers to steal the data. OnePlus says the script has been eliminated after detection and the infected server was quarantined, whereas the rest of its infrastructure has been strengthened in an unspecified manner. Anyone who entered their credit card info into the company's website between mid-November and January 11th may have had their credit card info stolen, OnePlus said. Anyone else who purchased products from the company using PayPal or saved credit card info entered outside of the aforementioned period isn't affected. While the latter scenario also involves making a direct credit card charge, the actual data it pulls is encrypted and the manner in which it's used cannot be compromised by the newly discovered script.

OnePlus said it "pains" it to let its customers down and thanked those who were "vigilant" enough to suspect foul play with their credit card statements and notify the community about it. All potentially affected customers should contact their banks, check their transaction histories, and report any charges they don't recognize, OnePlus advised. The company is still in the process of investigating the hack whose authors remain unknown. Its near-term plans involve the release of the OnePlus 6 and OnePlus 6T later this year, as well as exploring the possibility of a retail partnership with at least one U.S. wireless carrier.

Copyright ©2019 Android Headlines. All Rights Reserved
This post may contain affiliate links. See our privacy policy for more information.
You May Like These
More Like This:
About the Author

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now