OnePlus confirms 40000 customers may have had credit card information stolen

  • OnePlus confirms 40000 customers may have had credit card information stolen

OnePlus confirms 40000 customers may have had credit card information stolen

In a statement released today, OnePlus said credit card information belonging to up to 40,000 customers was captured by a malicious (and now unknown) actor between November 2017 and mid-January 2018.

Up to 40,000 people were caught out by hackers who stole credit card details from the site of phone maker OnePlus.

In a blog post, the company said one of its systems was attacked and a malicious script injected into the code of the payment page to sniff out credit card details as they were being entered.

When iTWire contacted OnePlus, the company denied that its systems had been breached. However, the firm notes that those who paid via PayPal, or who paid with previously saved credit card details, should not be impacted. However, it operated only intermittently, so not everyone was hit.

While customer reports of fraudulent purchases have only started to show up in the past week, OnePlus says that the script has been running since November - just ahead of the launch of the OnePlus 5T. This should mean that any abnormal or fraudulent payments on your credit card will be pinged to you as soon as they happen.

OnePlus says it has eliminated the malicious script in question and stopped using the infected server, so the problems shouldn't persist.

OnePlus says that if you have purchased something from their online store to keep an eye out for any suspicious activity on your statements.

Lastly, OnePlus said that "We can not apologise enough for letting something like this happen".

It is sending an email out to all customers that are affected by the data breach. In a gesture of goodwill, the company is reaching out to those who were affected and offering a free year of credit monitoring, and plans to cooperate with local authorities during the ongoing investigation. "They will help you initiate a chargeback and prevent any financial loss", OnePlus said. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit".

OnePlus is now working with local authorities to get the to bottom on the data breach.