Home / Tech News / Purchased a OnePlus phone? Yeah, your credit card might have been stolen.

Purchased a OnePlus phone? Yeah, your credit card might have been stolen.



Phone with a side of theft.

Image: RAYMOND WONG/MASHABLE

Things aren’t looking so hot for approximately 40,000 OnePlus customers. And no, not because they’ll probably have to wait until June to upgrade to the OnePlus 6. 



It turns out that the company’s website was hacked, and in the process credit card numbers and other payment information was likely stolen. 

According to a statement issued by the Chinese smartphone manufacturer, “a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.”

What this means in practice is that, from roughly mid November of 2017 to January 11, 2018, any customer who put their credit card into OnePlus.net could have had it lifted by hackers. Some customers are already reporting fraudulent charges. 

“The malicious script operated intermittently, capturing and sending data directly from the user’s browser,” the company said in a statement. “It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures.”

OnePlus emailed the customers it believes might have been affected, and noted that both card expiration dates and security codes could also have been stolen. 

Image: RAYMOND WONG/MASHABLE

Security researchers at Fidus Information Security looked into the breach, and what they found doesn’t look so good for OnePlus. According to a Fidus blogpost, “OnePlus do not appear to be PCI compliant, nor do they mention this anywhere on the website.”

Why does this matter? PCI is short for Payment Card Industry Data Security Standard, and, according to the PCI Security Standards Council, the standards are “the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.”

In other words, according to Fidus, OnePlus may not have been taking basic steps to protect its customers data. Like we said, not looking good. 

So, what can you do if you got an email from OnePlus notifying you of the breach? Not much, unfortunately. OnePlus says you should check your bank statement for fraudulent charges, and reach out to the company for any “enquiries.” 

In other words, you’re more or less on your own. Good luck!

Https%3a%2f%2fvdist.aws.mashable.com%2fcms%2f2017%2f11%2fac0b75c3 6d62 ce77%2fthumb%2f00001



Check Also

Dad finds daughter’s heartbreaking texts

A FATHER has shared the heartbreaking texts he discovered on his old phone which his …

Leave a Reply

Your email address will not be published. Required fields are marked *