Recently, one of the OnePlus systems was attacked by a “malicious script code,” that stole credit card information including numbers, expiration dates and PINs from nearly 40,000 OnePlus customers. Following the theft, OnePlus posted information and clarification through their forum after many accused the company of attempting to keep it all a secret. Here’s what we now know.
Just ahead of the weekend, OnePlus posted information on their forum, answering some general questions about what happened in regard to their investigation findings. The company came to the conclusion that the attack was introduced to its server. However, at this time, they don’t know if it was installed physically at the site, or installed using some sort of remote access.
OnePlus stated that it has eliminated the issue, that was seeping into people’s browsers, by quarantining the infected system and upgrading various security system structures. The company also confirmed the users that might have been affected by the attack, which were ones who made a purchase on the OnePlus.net website between the middle of November (2017) and January 11 (2018). Users who paid via PayPal or a saved credit card were said to be safe from the issue that occurred in the middle of completing a transaction online. To prevent future attacks, OnePlus is working with payment providers to improve their credit card payment method.
If you are OnePlus customer and think your credit card information may have been compromised, we suggest checking your credit card statements for theft sooner rather than later.
For help or questions, OnePlus says to reach out to customer support here.
SOURCE [OnePlus Forums]