Earlier this week we reported on several OnePlus customers complaining about fraudulent transactions on their credit cards after using the official OnePlus website.
Now OnePlus has released a statement confirming that its website was breached and that hackers stole the credit card details of about 40,000 customers.
The company said that only users who used oneplus.net between mid-November 2017 and January 11, 2018, are affected by the breach.
The attacker compromised one of the company's systems and injected a malicious script into the payment page code to sniff out credit card details as they were being entered on the website.
The malicious script captured credit card details such as card numbers, expiry dates, and security codes directly from the user's browser.
“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered. The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated.”
“We have quarantined the infected server and reinforced all relevant system structures,” said OnePlus in the statement.
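As an added illustration (not OnePlus code and not part of its statement), here is a defender's check for the kind of payment-page script injection described above: it inventories the `<script>` elements of a known-good page copy and flags anything new in later snapshots, checking several fetches because the script reportedly operated intermittently. The HTML, paths and function names are constructed for the example.

```python
import hashlib
from html.parser import HTMLParser

class ScriptInventory(HTMLParser):
    """Collect every <script>: external src values and hashes of inline bodies."""
    def __init__(self):
        super().__init__()
        self.items, self._buf = set(), None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.items.add(("src", src))
        else:
            self._buf = []          # start buffering an inline script body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip().encode()
            self.items.add(("inline", hashlib.sha256(body).hexdigest()))
            self._buf = None

def inventory(html):
    parser = ScriptInventory()
    parser.feed(html)
    parser.close()
    return parser.items

def unexpected_scripts(baseline_html, snapshots):
    """Map snapshot index -> scripts that are not in the known-good baseline."""
    known = inventory(baseline_html)
    return {i: extra for i, html in enumerate(snapshots)
            if (extra := inventory(html) - known)}

# Constructed sample data: a known-good checkout page and three later fetches.
BASELINE = ('<html><body><form><input name="card"></form>'
            '<script src="/static/checkout.js"></script>'
            '<script>initCheckout();</script></body></html>')
TAMPERED = BASELINE.replace(
    "</body>", "<script>/* placeholder for an injected script */</script></body>")
SNAPSHOTS = [BASELINE, TAMPERED, BASELINE]   # the extra script appears only sometimes

if __name__ == "__main__":
    for index, extra in unexpected_scripts(BASELINE, SNAPSHOTS).items():
        print(f"snapshot {index}: unexpected scripts {sorted(extra)}")
```

A single clean fetch proves little here: only the second of the three snapshots differs from the baseline, so the comparison has to run on every fetch.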
The company also said that users who paid with a saved credit card, with a credit card via PayPal, or via PayPal are not affected by the breach.
OnePlus has informed all affected customers about the breach by email and advised them to check their bank statements for any fraudulent transactions.
The investigation is still ongoing, and the company has informed local authorities about the breach.
“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”
“We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future,” said OnePlus.