OnePlus is recently in the news again but all for bad reasons. It announced that customers have been affected by the security breach that has to lead the company shut down its credit card payments for its online store previously this week. Basically, this information is the consequence of an in effect investigation with a third party security agency into the breach that has caused customers’ credit card information to be stolen while they were purchasing OnePlus products.
Even if the reports of stolen credit card information and fraudulent purchases were only made long back in the week that had gone, OnePlus regarded that the script, that has stolen the data, had been running on one of its payment processing servers since Mid-November. This script was well able to capture full credit card information, enlisting card numbers, expiry dates, and security codes directly from a customer’s browser window. Here, the company added that it has determined where the exploit happened and has found the point of entry for the attacker, but the investigation remains ongoing. Now, this is not clear whether the attack was done remotely, or if someone had physical access to the server to install the script.
In a recent forum post detailing the findings, OnePlus stated that the script operated “intermittently” and the infected server has been separated from the rest of the system. The report also contained the facts that customers that paid via a saved credit card, a credit card processed via PayPal, or through a PayPal account should not have been affected by the breach.
A OnePlus spokesperson added that the 40,000 customers exposed to the attack only “represent a small subset” of its total customer base. The company is slowly reaching out to affected customers and offering a year of credit monitoring service for free. With this, it has started working with local authorities during the investigation.
Till the investigations are done with, Credit card payments would remain suspended on the OnePlus.net store with customers able to purchase items through PayPal in the meantime. OnePlus is working to implement a more secure credit card payment method before it would re-enable them.
Lastly, OnePlus CEO Pete Lau told added that it is exploring partnerships with US carriers, but also here a spokesperson confirmed that this security breach would not change anything in terms of OnePlus’ online sales strategy. With this, it is also true that the company currently does not have plans to move its store to Amazon or another e-commerce platform.