OnePlus has confirmed on their forum that as many as 40,000 customers may have had their credit card info stolen. Below is a quote directly from their forum post.
We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.
One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.
- The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated.
- We have quarantined the infected server and reinforced all relevant system structures.
Credit card security is a huge deal when buying something on the internet. Honestly, security in general on the internet is a huge deal. I would say this could be a nightmare for OnePlus, but I would be willing to bet this is already a nightmare for them. It looks like OnePlus has managed to narrow down the breach from mid-November 2017 thru January 11, 2018. Although the breach is still bad, it could have been worse.
- Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised.
- Users who paid via a saved credit card should NOT be affected.
- Users who paid via the “Credit Card via PayPal” method should NOT be affected.
- Users who paid via PayPal should NOT be affected.
According to this quote if you paid with a saved credit card on the OnePlus site you should be ok. Also if you paid via PayPal, you should be in the clear also. That said, I would definitely double check my statement just to be sure that your card wasn’t affected. If you do suspect fraudulent activity OnePlus suggests that you report it directly to your financial institution. OnePlus has since “temporarily” disabled credit card payments on their site.
Does the news of this breach change your opinion of OnePlus? Once payments are back up and running on their site, would you be comfortable entering your credit card info? Sound off in the comments, we’d love to know your opinion on the matter in the comments below!