Photo: OnePlus

Up to 40,000 OnePlus customers have their credit card details exposed in data breach

Bradley Wint
By - Founder/Executive Editor
Jan 19, 2018 5:04pm AST
Photo: OnePlus
Get the latest news stories of the day delivered to your inbox

If you’ve recently purchased something via the OnePlus website, you may need to regularly check your credit card statement as the company has discovered a breach in their payment system.

According to them, certain customers making purchases via the OnePlus online store between mid-November 2017 and January 11, 2018, may have had their credit card details compromised during the transaction. They determined that a malicious script was injected into their payments page code, intermittently gathering and sending entered credit cards numbers and associated details from the customers’ end.

They said the breach only affects those who entered a credit card number (with the expiry date and security code). They estimate that up to 40,000 customers may have had their details stolen.

Those making purchases with credit cards saved to OnePlus accounts, or paid via PayPal (from a bank or credit card balance) are not affected. However, it’s always best to keep an eye out for any suspicious activity.

The team published a detailed synopsis of the situation via the discussion boards, detailing what happened, who is affected, and what can be done from here forward.

1. What happened

One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.

  • The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated.
  • We have quarantined the infected server and reinforced all relevant system structures.

2. Who’s affected

  • Some users who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, may be affected.
  • Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised.
    • Users who paid via a saved credit card should NOT be affected.
    • Users who paid via the “Credit Card via PayPal” method should NOT be affected.
    • Users who paid via PayPal should NOT be affected.
  • We have contacted potentially affected users via email.

3. What you can do

  • We recommend that you check your card statements and report any charges you don’t recognize to your bank. They will help you initiate a chargeback and prevent any financial loss.
  • For enquiries, please get in touch with our support team at https://oneplus.net/support.
  • If you notice any potential system vulnerabilities, please report them to email hidden; JavaScript is required. This is a monitored inbox, but please note, we may not be able to respond to all reports.

4. What we are doing

We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.

We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.

A big thank you to our forum user @superdutynick for bringing this incident to our attention!

Sincerely,
The OnePlus Team

Android Police is also claiming that OnePlus will be offering one year of free credit monitoring to those affected by the breach.

Have your say

Stay in check with our daily burst of news stories delivered to your inbox.

Read more

WestJet to announce new 787 livery on February 28th

Travel - Something’s brewing up at WestJet. Employees at the Canadian carrier were teased about a new livery announcement set for February…

By - Feb 15, 2018 11:10pm AST

E-cigarette explodes in man’s pocket, causing second degree burns

Lifestyle - A Texas man has been left with second degree burns after his e-cigarette battery exploded in his pants pocket. The…

By - Feb 13, 2018 11:34pm AST

Instagram may soon notify you if someone snaps your Story

Social Media - If you’re a creeper, then you may be in for some bad news as Instagram is quietly testing a new…

By - Feb 12, 2018 9:10pm AST

Google to introduce iPhone X ‘notch’ support in future Android updates

Mobile - As part of Google’s continued effort to streamline the Android platform, they are once again targeting higher end iPhone customers…

By - Feb 12, 2018 8:27pm AST

Logan Paul’s YouTube ads suspended after he tased a dead rat and gave dead fish CPR

Social Media - Internet man child Logan Paul just can’t stop being an idiot. After taking some time off and posting an apology…

By - Feb 11, 2018 2:17am AST

The Samsung Galaxy S9 could start at $800+

Mobile - With every new flagship release, phone prices just seem to continually creep up and up over time. For instance, Apple’s…

By - Feb 8, 2018 4:42am AST

SpaceX nails tandem landing after successful Falcon Heavy test launch

Featured - What a time to be alive! Elon Musk and the team at SpaceX has set another major milestone by successfully…

By - Feb 7, 2018 1:38am AST

Video depicts drone flying dangerously close to aircraft

Transportation - Video of a drone flying dangerously close to an aircraft in Las Vegas has gone viral. The original clip was…

By - Feb 5, 2018 12:26am AST

PornHub to force UK viewers to give up their name, ID details and address to view content

Privacy/Security - If you fancy X-rated content but happen to live in the UK, some of your favourite sites will soon be…

By - Feb 1, 2018 10:19pm AST

Crypto mining hurting PC gaming; some retailers cracking down on miners

Featured - If you’re a hardcore PC gamer looking to build a rig right about now, you’re most likely going to be…

By - Jan 31, 2018 10:07pm AST