Categories: MobilitySecurity

OnePlus Confirms 40,000 Customers Affected By Hack

Shenzhen, China-based smartphone maker OnePlus has confirmed that up to 40,000 customers were affected by a compromise of its website that allowed attackers to steal credit card details as they were being entered into browsers.

OnePlus disabled credit card purchases on oneplus.net last week when customers reported seeing card transactions they didn’t recognise after having made purchases on the site.

The company said card details are not processed or stored on its site, being sent over an encrypted connection directly to a third-party payment services provider.

But the hackers injected code into oneplus.net that recorded card information, the company said.

Malicious script

“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered,” OnePlus said in a statement.

The script operated intermittently over a period from mid-November 2017 to 11 January 2018, affecting those who entered card details for the first time.

Those who used saved card information or third-party methods such as PayPal weren’t affected.

OnePlus said it has isolated the system involved and is working with its payment provider on a more secure system.

Credit monitoring

A OnePlus spokesperson said the 40,000 users “represent a small subset” of the company’s total customer base. The company said it’s offering customers a year of free credit monitoring and is working with law enforcement authorities to investigate the hack.

All those potentially affected have been notified via email, OnePlus said, urging customers to be on the lookout for suspicious card transactions.

“We cannot apologize enough for letting something like this happen,” the company stated.

OnePlus sells through carriers such as O2 in the UK, but also offers handsets, accessories and other items directly to all its markets over oneplus.net.

The firm has sold its products in all European countries except Switzerland since 2014.

Its latest handset, the Android-based OnePlus 5T, launched in the UK on November 21 and sells in £449 or £499 versions, significantly undercutting the £999 iPhone X.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Joins Others In Ending Diversity Initiatives

Google becomes latest tech firm to scrap some of its diversity hiring targets, and cites…

34 mins ago

Ofcom Grants License For Amazon Kuiper To Challenge Starlink In UK

New challenger for Elon Musk's Starlink in UK, after Ofcom grants earth station network licence…

4 hours ago

Openreach Tests 50Gbps Broadband Connection With Nokia

Possible broadband speed of the future? Openreach and Nokia test UK’s first live 50Gbps fibre…

5 hours ago

Jeff Bezos’s $10bn Earth Fund Halts Climate Group Backing – Report

Amazon founder and one of the world’s richest men, Jeff Bezos, has been accused of…

6 hours ago