Up to 40,000 credit cards affected by OnePlus hack that happened two months ago

  • Liam Tung (CSO Online)
  • 23 January, 2018 02:51

Smartphone maker OnePlus has confirmed that hackers scooped up as many as 40,000 credit card numbers, security codes and expiry dates from its online checkout. 

The admission came a week after hundreds of users reported unauthorized transactions on cards that were recently used to make a purchase on the OnePlus website. 

OnePlus last week suspended credit card payments on the site while it was investigating whether the fraud reports were linked to an issue with the site. 

OnePlus says that attackers in mid-November compromised one of its servers and injected a malicious script into the payment page. The script intermittently sniffed and captured credit card details directly from the the browser as users entered payment information on the page. 

Compromised details included credit card numbers, expiry dates and security codes. Customers who used a card on the site between mid-November 2017 and January 11 2018 may be affected. Though the breach occurred nearly two months ago, users only began reporting fraudulent card purchases last week.

OnePlus notes that anyone who used PayPal, credit card via PayPal, or a credit card that was saved to the site was not affected. 

The company has sent an email notifying potentially affected customers and says it has quarantined the compromised server. 

“We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future,” the company said. 

Customers should check card statements and report suspicious charges to their bank, OnePlus said.

The company has quickly built a loyal fanbase in Europe, North America and Asia by offering flagship smartphone features at a fraction of the cost of Samsung Galaxy S phones and the iPhone. OnePlus launched sales in Australia last August with its OnePlus 5, which started at $599 for a phone with 6GB memory and 64 GB storage.