OnePlus has finally confirmed in which its online payment system was breached, following several complaints of fraudulent credit card transactions through its customers who made purchases on the company’s official website.
In a statement released today, Chinese smartphone the admitted in which credit card information belonging to up to 40,000 customers was stolen by an unknown hacker between mid-November 2017 along with January 11, 2018.
According to the company, the attacker targeted one of its systems along with injected a malicious script into the payment page code in an effort to sniff out credit card information while in which was being entered by the users on the site for creating payments.
The malicious script was able to capture full credit card information, including their card numbers, expiry dates, along with security codes, directly through a customer’s browser window.
“The malicious script operated intermittently, capturing along with sending data directly through the user’s browser. in which has since been eliminated,” OnePlus said on its official forum. “We have quarantined the infected server along with reinforced all relevant system structures.”
However, the company believes users who shopped on its website using their saved credit card, PayPal account or the “Credit Card via PayPal” method are not affected by the breach.
OnePlus can be still investigating the incident along with committed to conducting an in-depth security audit to identify how hackers successfully managed to inject the malicious script into its servers.
Meanwhile, credit card payments will remain disabled on the OnePlus.net store until the investigation can be complete as a precaution, though users can make purchases through PayPal.
“We are eternally grateful to have such a vigilant along with informed the community, along with in which pains us to let you down. We are in contact with potentially affected customers. We are working with our providers along with local authorities to address the incident better,” OnePlus says.
OnePlus can be notifying all possibly affected OnePlus customers via an email along with advises them to keep a close eye on their bank account statements for any fraudulent charges or look into cancelling their payment card.
The company can be also looking into offering a one-year subscription of credit monitoring service for free to all affected customers.