OnePlus Has Been Hacked And Its Online Payment System Was Breached!

OnePlus has stated that credit card data belonging to up to 40,000 clients were affected by the security breach that caused the organization shut down the online payment system earlier last week. The announcement came after a week in which hundreds of clients reported fraud on their accounts while they were purchasing OnePlus products.

According to the company:
Hi all, We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.

After an examination and a temporary block made on credit card payments, OnePlus discovered that hackers were able to hack into its website server and were able to install malicious JavaScript code that would grab credit card information once it was entered by customers.

The JavaScript code was able to catch full credit card data, including card numbers, expiry dates, and security codes directly from a client’s browser window. OnePlus said that it has determined where the exploit happened and has found the vulnerability, but the investigation remains ongoing.

It’s not yet obvious if the hack was done from outside, or if someone had physical access to the server to place the malicious script.

“We recommend that you check your card statements and report any charges you don’t recognize to your bank. They will help you initiate a chargeback and prevent any financial loss.”

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil