After the post by OnePlus forum user Superdutynick bringing notice on the fact that his credit cards are been misused after a purchase made on the OnePlus website.
And the Poll confirming the misuse of credit Cards of a lot of customers.Oneplus starred its investigation the moment they found about the matter. And temporarily suspending Credit card operations earlier this week, on their store website till the ongoing investigations. Oneplus also confirmed up to 40,000 customers were affected by the Security Breach.
OnePlus has found the point of entry for the attacker. According to the Forum post-Oneplus says that a malicious script was inserted into their Payments page, which would capture full credit card information from the user’s browser and operated “intermittently”.
OnePlus also says that the script has been operating since mid-November, Although the complaints of fraudulent purchases and stolen credit card reports are made past week.
What has been compromised from the credit cards of the potentially affected customers? Data such as card numbers, expiry dates, and security codes. the Potentially affected customers are notified via email and offered a year of credit monitoring service for free. And the affected customers would be customers who made purchases between mid-November and 11 January 2018.
The Affected Servers has been quarantined from the rest of the servers. And the script has been eliminated. But the investigation is still ongoing with third-party security agency and the fact is not clear that how this script made way into the severs onto the payment page, did someone had remote access or physical access to the servers.
Credit card payments will remain suspended on the OnePlus.net store until the investigation is complete, with customers being able to purchase items through PayPal till the completion of the investigation. OnePlus says it is working to implement a more secure credit card payment method before it re-enables them.