Instagram

If you bought a OnePlus 5T, your credit card info may have been stolen

40,000 customers may be affected.

After launching an investigation into reports of a credit card breach on its website, OnePlus has announced some grim findings: Up to 40,000 customers may have had their credit card data stolen. That includes card numbers, expirations dates, and CVV codes entered at oneplus.net.

The culprit for the breach, according to OnePlus, is a rogue script that was injected into the payment page code and able to capture unencrypted credit card info from customers’ browser windows. The company says the exploit has been running since the OnePlus 5T launched in November, though it affected all sales made through the website. It’s unclear whether the attack was triggered remotely or internally.

Read: A Quick Glance on the State of Cryptocurrency

Incidentally, the breach only seems to have affected customers using a new credit card on the site. OnePlus says those who used a previously saved card or PayPal to check out shouldn’t be impacted. The company shut down its credit card processing system on January 16 after reports surfaced of fraudulent charges popping up on customers’ credit card statements. Customers are still able to purchase phones via PayPal.

OnePlus is continuing to investigate the issue with the help of a third-party cybersecurity firm but has offered no window for when credit card purchasing will be restored on its website. It says it will be reinforcing its system with tougher security measures and is looking into offering a free one-year subscription to a credit-monitoring firm to all affected users.

Read: Snowden’s App Haven to Protect Laptops from Prying Eyes

In a form post OnePlus said,

“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”

If you purchased a OnePlus 5T or any other phone through the OnePlus website, you should call the issuer of the credit card you used to see about getting a replacement card with a new number.

Why this matters: Any credit card breach is a big deal, but this one hits especially hard for OnePlus. Since OnePlus sells unlocked phones and doesn’t have a presence in U.S. carrier stores, a large portion of its sales are conducted directly through its website. Shutting down its credit card processing system will undoubtedly affect sales, as will the public fallout from this breach.

 

This article was originally published on the IDG Network by PC World by Michael Simon.
Image source: Doug Duvall/IDG

Total
0
Shares
Share 0
Tweet 0
Pin it 0
Related Topics
You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

about
CWPK Legacy
Launched in 1967 internationally, Computerworld Magazine is the oldest tech magazine/media property brand in the world. Today Computerworld (abbreviated as CW) is an ongoing decades old professional publication which in 2014 "went digital”. In Pakistan Computerworld was launched in 1995. Initially providing news to IT executives only, once CIO Pakistan from the same family launched, and took over the domain, CW Pakistan has slowly emerged as a holistic technology news platform reporting everything tech in the country. It remains the oldest running continuous IT media publishing platform in the country and approaching 3 decades of existence, it has been the industry’s biggest benchmark and hopes to continue for years to come.
Read more
Explore Computerworld Sites Globally
Content from other IDG brands
CW Media & all its sub brands are copyrighted to SPIN-IDG Wakhan Media Inc., the publishing arm of NCC-RP Group. This site is designed and maintained by Crunch Collective ©️ 2023.