Categories: MobilitySecurity

OnePlus Confirms 40,000 Customers Affected By Hack

Shenzhen, China-based smartphone maker OnePlus has confirmed that up to 40,000 customers were affected by a compromise of its website that allowed attackers to steal credit card details as they were being entered into browsers.

OnePlus disabled credit card purchases on oneplus.net last week when customers reported seeing card transactions they didn’t recognise after having made purchases on the site.

The company said card details are not processed or stored on its site, being sent over an encrypted connection directly to a third-party payment services provider.

But the hackers injected code into oneplus.net that recorded card information, the company said.

Malicious script

“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered,” OnePlus said in a statement.

The script operated intermittently over a period from mid-November 2017 to 11 January 2018, affecting those who entered card details for the first time.

Those who used saved card information or third-party methods such as PayPal weren’t affected.

OnePlus said it has isolated the system involved and is working with its payment provider on a more secure system.

Credit monitoring

A OnePlus spokesperson said the 40,000 users “represent a small subset” of the company’s total customer base. The company said it’s offering customers a year of free credit monitoring and is working with law enforcement authorities to investigate the hack.

All those potentially affected have been notified via email, OnePlus said, urging customers to be on the lookout for suspicious card transactions.

“We cannot apologize enough for letting something like this happen,” the company stated.

OnePlus sells through carriers such as O2 in the UK, but also offers handsets, accessories and other items directly to all its markets over oneplus.net.

The firm has sold its products in all European countries except Switzerland since 2014.

Its latest handset, the Android-based OnePlus 5T, launched in the UK on November 21 and sells in £449 or £499 versions, significantly undercutting the £999 iPhone X.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Uber To Offer 50,000 Tesla Cars To Drivers

Mammoth Hertz deal to purchase 100,000 Tesla’s electric vehicles, will allow Uber to offer a…

11 mins ago

Intel Touts New 12th Gen PC Processors

Chip giant Intel introduces its new Alder Lake processors for personal computers, as it seeks…

36 mins ago

Iran Blames Nation State For Cyberattack on Petrol Stations

Petrol distribution network in Iran has reportedly been paralysed after a cyberattack, which some officials…

3 hours ago

Facebook Orders Staff Not To Destroy Internal Documents

Amid the ongoing whistleblower fallout, Facebook orders all its staff to preserve internal documents, in…

6 hours ago

Donald Trump Loses Bid To Sue Twitter In Florida

Judge rules Donald Trump has to sue Twitter over his suspension not in Florida, but…

20 hours ago

EU Regulators Open Investigation Of Nvidia’s ARM Acquisition

Setback for Nvidia, as the European Commission confirms full-scale investigation into purchase of British chip…

21 hours ago