Categories: MobilitySecurity

OnePlus Confirms 40,000 Customers Affected By Hack

Shenzhen, China-based smartphone maker OnePlus has confirmed that up to 40,000 customers were affected by a compromise of its website that allowed attackers to steal credit card details as they were being entered into browsers.

OnePlus disabled credit card purchases on oneplus.net last week when customers reported seeing card transactions they didn’t recognise after having made purchases on the site.

The company said card details are not processed or stored on its site, being sent over an encrypted connection directly to a third-party payment services provider.

But the hackers injected code into oneplus.net that recorded card information, the company said.

Malicious script

“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered,” OnePlus said in a statement.

The script operated intermittently over a period from mid-November 2017 to 11 January 2018, affecting those who entered card details for the first time.

Those who used saved card information or third-party methods such as PayPal weren’t affected.

OnePlus said it has isolated the system involved and is working with its payment provider on a more secure system.

Credit monitoring

A OnePlus spokesperson said the 40,000 users “represent a small subset” of the company’s total customer base. The company said it’s offering customers a year of free credit monitoring and is working with law enforcement authorities to investigate the hack.

All those potentially affected have been notified via email, OnePlus said, urging customers to be on the lookout for suspicious card transactions.

“We cannot apologize enough for letting something like this happen,” the company stated.

OnePlus sells through carriers such as O2 in the UK, but also offers handsets, accessories and other items directly to all its markets over oneplus.net.

The firm has sold its products in all European countries except Switzerland since 2014.

Its latest handset, the Android-based OnePlus 5T, launched in the UK on November 21 and sells in £449 or £499 versions, significantly undercutting the £999 iPhone X.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Researchers Identify More Malware Used By SolarWinds Hack Group

Microsoft and FireEye identify three custom-made hacking tools deployed onto networks by 'sophisticated' group behind…

2 hours ago

White House Appoints Big Tech Critic Tim Wu As Adviser

Tim Wu appointed as adviser on technology and competition policy, signalling hard line on 'abuse…

3 hours ago

John McAfee Indicted Over Cryptocurrency Fraud

McAfee indicted in US over allegedly promoting cryptocurrencies to his massive Twitter base of followers,…

3 hours ago

Silicon UK In Focus Podcast: International Women’s Day

On International Women’s Day, Silicon UK speaks to one woman who has made tech her…

3 hours ago

Coursera Files To Go Public As Revenues Surge

Online education platform Coursera plans for public listing as it reveals revenue surge due to…

4 hours ago

Instacart Considers Direct Listing After Major Funding Round

Grocery delivery app Instacart reportedly considers bypassing IPO in favour of direct listing amidst surging…

4 hours ago