OnePlus has released an official note confirming a credit card data breach on its website, “oneplus.net”. The breach affected 40,000 customers in just 3 months.
According to the note, the breach affected 40,000 customers who made a transaction using their credit card between mid-November 2017 and 11 January 2018.
The note further explains that the origin of the attack has not yet been found and the attacker remains unidentified. The attacker sniffed the credit card information of customers who paid by credit card on the official OnePlus website, ‘oneplus.net’.
The attacker compromised one of the company's servers and injected a malicious script into the transaction page code, which allowed the attacker to sniff the details customers entered during the transaction.
“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.” – OnePlus
OnePlus has addressed the issue and conducted an investigation. The company learned of the breach only after customers complained about fraudulent transactions that occurred after they had made a transaction on the OnePlus website.
The company investigated, quarantined the infected server and reinforced all relevant system structures.
The following customers are not affected:
- Users who paid via a saved credit card should NOT be affected.
- Users who paid via the “Credit Card via PayPal” method should NOT be affected.
- Users who paid via PayPal should NOT be affected.
Users who used a credit card for their transactions are the ones most likely to be affected.
In addition to the countermeasures, the company is notifying potentially affected users via email. The email includes details about the potential security breach and what to do if they believe they are affected by it.
Although the problem is resolved and customers can now make payments using credit cards, the company is still conducting an in-depth investigation of the event. To regain its reputation, it is also planning to provide a free credit monitoring service for the affected customers.