Advertisement

OnePlus says up to 40,000 customers affected in credit card breach

OnePlus says up to 40,000 customers affected in credit card breach
From Engadget - January 19, 2018

OnePlus has not confirmed the number of customers whose captured payment information has been used for fraudulent purchases, noting instead that the number of affected users represented a "small portion" of its customer base. While it's true that millions of OnePlus smartphones have been sold since the Oppo spin-off set up shop in 2014, that's likely little consolation for the people directly involved. As a result of the breach, OnePlus says it's continuing to work with law enforcement, and will offer a year of free credit monitoring to all affected users.

But how did all this happen in the first place? According to a company spokesperson, a malicious actor gained access to one of its servers and injected a script that captured people's credit card information as it was typed into the site's payment form. While some originally suspected OnePlus' payment processor was to blame for the issue, it appears that the credit card payment process worked exactly as it was supposed to. Once entered, the payment data was subsequently encrypted and transmitted to the company's payment processor as usualthe script seized on a window of opportunity and captured the information before it could be encrypted in the first place.

That means customers who paid via PayPal are not affected by the breach, and people who paid with previously saved credit card details should not be impacted because they did not manually input the information.

Advertisement

Continue reading at Engadget »