OnePlus got pwned, exposed up to 40000 users to credit card fraud

Cesar Mills
January 21, 2018

There are a potential 40,000 affected customers but all those who had saved their credit card info into OnePlus' systems before mid-November won't be affected, nor were PayPal customers.

For the time being, credit card transactions on OnePlus.net will remain suspended until the company completes its investigation.

We have quarantined the infected server and reinforced all relevant system structures. As a result of this breach, the company said that it will be offering a year of free credit monitoring to all affected users.

OnePlus disabled the credit card payments on January 16, after receiving reports from customers that they were seeing unknown credit card charges after buying something online from OnePlus. Users can continue using PayPal.

Last week, OnePlus CEO Pete Lau told CNET that it is exploring partnerships with USA carriers, but a spokesperson confirmed that this security breach will not change anything in terms of OnePlus' online sales strategy.

For enquiries, please get in touch with our support team at https://oneplus.net/support. The case was soon brought to OnePlus' attention following which the company had provided a statement saying that the company took information privacy extremely seriously and that the company had begun to investigate the case as a matter of urgency.

Bus fired in Kazakhstan carrying Uzbek citizens to Russian Federation
Uzbekistan also sent officials to Aktobe to establish the cause of the accident, according to the Interfax-Kazakhstan news agency. In 2015, 16 people, including three children, died in Kazakhstan when a minibus collided with a van on April 20, 2015.

Simona Halep finally topples Lauren Davis after epic 143-minute final set
Earlier, sixth seed Karolina Pliskova beat Czech Fed Cup teammate Lucie Safarova 7-6, 7-5 to move into the fourth round. The Japanese 20-year-old's win finally marked some success in the third round at a major - she was previously 0 for 5.

Gunmen launch attack on hotel in Afghan capital
TOLOnews journalist Hayat Amanat reported an eyewitness saying at least 15 people had died, although this has not been verified. Captain Tom Gresback, spokesman for the NATO-led Resolute Support mission in Afghanistan said they were also watching closely.

Consumers who shopped from oneplus.net between October and December 2017 started reporting credit card fraud earlier this week. The company has confirmed that this script has already been removed from the web, and have isolated the affected server while reinforcing the entire security infrastructure.

Further, the article noted that the company has determined where the exploit happened and has found the point of entry for the attacker, but the investigation remains ongoing. The complainants seem to have made credit card payments directly on oneplus.net without involving third-party like PayPal.

OnePlus apologized for the payments breach and says it's "eternally grateful" to the community for identifying a pattern of fraudulent payments. The code ran intermittently over the coming weeks until credit card payments were shut off on January 11th, 2018.

The company said that the issue affects some of its customers that have shopped online at oneplus.net may be affected by the incident. "We are working with our providers and local authorities to address the incident better".

OnePlus is still working on the situation from every angle, especially with implementing a more secure online storefront in the future.

Other reports by GizPress

Discuss This Article

FOLLOW OUR NEWSPAPER