Data Breach Exposes of Almost 40,000 Customer Personal Information
Mobile phone manufacturer and vendor OnePlus has been targeted by hackers, leading to a data breach that has exposed customers’ personal information.
As per reports, sensitive credit card information of as many as 40,000 customers have been stolen as a result of the security breach that has hit Chinese smartphone manufacturer OnePlus. The company had announced on January 19 that it was hit by a security breach; three days before the announcement, the company had announced that it was temporarily disabling card payments on its website.
eWEEK reports- “Mobile phone vendor OnePlus announced on Jan. 19 that it was the victim of a security breach that exposed credit card information of up to 40,000 customers. The admission comes three days after OnePlus announced that it was temporarily disabling credit card payments on its website, after online customers reported seeing unknown credit card charges.”
The report also states that the attack has been ongoing from mid-November 2017 until January 11 and that a malware, which captured data from end users’ browsers, could have helped hackers steal credit card information, including card numbers, expiration dates and security codes entered on the Oneplus.net site.
OnePlus too has acknowledged the data breach, as part of a statement made by a ‘Staff Member’ in a forum discussion on the company’s website. The statement says- “We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.”
The statement further says-“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.” It’s also stated that the malicious script, which had operated intermittently and which was capturing and sending data directly from the user’s browser, has been eliminated and also that the infected server has been quarantined, along with the company reinforcing all relevant system structures.
Those affected by the credit card data breach include some users who had entered their card info on the company’s website between November 2017 and January 11, 2018. The company has made it clear that those who had paid via a saved credit card, via the “Credit Card via PayPal” method and via PayPal should not have been affected. The company has contacted all potentially affected users, through email.
OnePlus has requested all customers to check their credit card statement and in case there are any charges that they don’t recognize, report the same to their banks.
The company statement says- “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down…We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.”
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.