OnePlus learned from several of its customers that fraudulent charges were appearing on their credit cards, and fingers were being pointed at the company itself. This led the smartphone maker to disable support for credit card payments and launch an immediate investigation into what happened.
The preliminary results are in and you’re not going to like them. In a statement today, the company said that credit card information belonging to up to 40,000 customers was captured by a malicious actor between November 2017 and mid-January 2018. Right now, there are no details about the malicious actor, but the investigation is still ongoing.
The company hasn’t confirmed the number of customers whose captured payment information has been used for fraudulent purposes. The company further notes that a “small portion” of its customer base has been affected. This information is not likely to console people who have been involved in this breach.
OnePlus is continuing to work with law enforcement. As a result of this breach, the company said that it will be offering a year of free credit monitoring to all affected users. But the real question is, how exactly did this happen?
According to a company spokesperson, a malicious actor gained access to one of the company's servers and injected a script that captured customer credit card information as it was being typed into the site’s payment form. Many believed that OnePlus’ payment processor was to blame for the breach, but it now appears that the credit card payment system was working as it was supposed to. The information was being processed as required, encrypted and transmitted to the company’s payment processor. The problem was that the malicious script captured the information in the browser before it was encrypted and sent off.
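A site operator can catch this kind of change by comparing the scripts a payment page serves against a reviewed baseline. The Node.js sketch below is an added example, not code from OnePlus or from the original article; the page content, the `/js/checkout.js` path and the function names are constructed for illustration.

```javascript
const { createHash } = require("crypto");

const sha256 = (text) =>
  "sha256-" + createHash("sha256").update(text, "utf8").digest("base64");

// Inventory every <script> on the page as "<src or inline>|<hash of body>".
// `bodies` maps each external src to the file contents the server returned.
// The regex is adequate for monitoring a page you control; it is not a
// general-purpose HTML parser.
function scriptInventory(html, bodies) {
  const found = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    const src = srcMatch ? srcMatch[1] : "inline";
    const body = srcMatch ? (bodies[src] ?? "") : m[2];
    found.push(`${src}|${sha256(body)}`);
  }
  return found;
}

// Scripts served now that are absent from the reviewed baseline.
function unexpectedScripts(html, bodies, baseline) {
  const allowed = new Set(baseline);
  return scriptInventory(html, bodies).filter((entry) => !allowed.has(entry));
}

// Constructed sample data: a reviewed checkout page and its one script file.
const REVIEWED_HTML =
  '<html><body><form id="pay"></form>' +
  '<script src="/js/checkout.js"></script>' +
  "<script>initCheckout();</script></body></html>";
const REVIEWED_BODIES = { "/js/checkout.js": "function initCheckout(){}" };
const BASELINE = scriptInventory(REVIEWED_HTML, REVIEWED_BODIES);

// Case 1: an extra inline script appears in the served HTML.
const EXTRA_INLINE_HTML = REVIEWED_HTML.replace(
  "</body>",
  "<script>/* constructed stand-in for injected code */</script></body>");
// Case 2: the HTML is unchanged but the script file on the server was edited.
const EDITED_BODIES = {
  "/js/checkout.js": "function initCheckout(){} /* appended */" };

console.log(unexpectedScripts(EXTRA_INLINE_HTML, REVIEWED_BODIES, BASELINE));
console.log(unexpectedScripts(REVIEWED_HTML, EDITED_BODIES, BASELINE));
```

Run on a schedule from outside the web server, a non-empty result is a signal to investigate before customers report fraudulent charges.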
Customers who paid via PayPal have not been affected by the breach, so it’s safe to say that you’re fine. Customers who paid with previously saved credit card information should not be impacted because the information wasn’t entered manually, but we highly recommend that everyone keep an eye on their credit card statements.