OnePlus has recently stated that the company had to shut down credit card payments for its online store earlier this week due to the security breach. This has affected up to 40,000 customers. Sources say that customers’ credit card information were getting stolen while they were purchasing OnePlus products.
Ongoing Investigation on the Security Breach
The reports of fraudulent purchases stolen credit card information were made in the past week. However, OnePlus shares that the script that stole the data had been running on one of its payment processing servers since mid-November. The script was able to capture full credit card information, including security codes, expiry dates, and card numbers, directly from a customer’s browser window. The mobile company says it has determined where the exploit happened and has found the point of entry for the attacker, but the investigation remains ongoing. However, professionals are still identifying either the attack was done remotely, or if someone had physical access to the server to install the script.
OnePlus says that the script operated “intermittently” and the infected server has been quarantined from the rest of the system. Credit card payments will remain suspended on the OnePlus.net store until the investigation is complete. Customers will be able to purchase items through PayPal in the meantime. OnePlus says it is working to implement a more secure credit card payment method before it re-enables them.