OnePlus January 19 Credit Card Security Update: up to 40k customers may be affected

Discussion in 'Mobile Devices' started by V_R, Jan 20, 2018.

  1. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,351
    Location:
    127.0.0.1
    Oh dear.

    I purchased my 5T on the 21st November, and while I'm yet to receive an email, I've just cancelled and requested a new card. :mad:



    [Jan 19 Update #2]

    Update: Thank you for your comments, we're reading each and every one and we appreciate your feedback. We do want to clarify, only potentially affected users will receive the email.



    [Jan 19 Update]

    Hi all,

    We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.

    1. What happened

    One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.

    • The malicious script operated intermittently, capturing and sending data directly from the user's browser. It has since been eliminated.
    • We have quarantined the infected server and reinforced all relevant system structures.

    2. Who's affected
    • Some users who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, may be affected.
      • Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised.
      • Users who paid via a saved credit card should NOT be affected.
      • Users who paid via the "Credit Card via PayPal" method should NOT be affected.
      • Users who paid via PayPal should NOT be affected.
    • We have contacted potentially affected users via email.

    3. What you can do
    • We recommend that you check your card statements and report any charges you don’t recognize to your bank. They will help you initiate a chargeback and prevent any financial loss.
    • For enquiries, please get in touch with our support team at https://oneplus.net/support.
    • If you notice any potential system vulnerabilities, please report them to security@oneplus.net. This is a monitored inbox, but please note, we may not be able to respond to all reports.

    4. What we are doing


    We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.

    We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.

    A big thank you to our forum user @superdutynick for bringing this incident to our attention!

    Sincerely,
    The OnePlus Team


    https://forums.oneplus.net/threads/jan-19-update-an-update-on-credit-card-security.752415/
     
    V_R, Jan 20, 2018
    #1
    1. Advertisements

  2. V_R

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    864
    Ouch, that is more serious than more card processing breaches, as they've got all the data before it was actually secured in the backend.

    Have you seen anything suspect on your CC bill?
     
    Ian, Jan 20, 2018
    #2
    1. Advertisements

  3. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,351
    Location:
    127.0.0.1
    Nah noting out of the ordinary, but I've cancelled the card and requested a new one anyway.
     
    V_R, Jan 21, 2018
    #3
    Ian likes this.
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.