Well well, OnePlus is now in a tough spot as the Chinese company openly admitted the recent payment system hack at oneplus.net. Yes, you heard it right, OnePlus today updated their earlier blog post saying that up to 40,000 users at oneplus.net could be affected by their credit card payment system attack, which we reported a few days ago. For the unaware, several users at OnePlus Forums recently said that their credit cards had been used for various transactions, and some of them used the cards only at the OnePlus website.
Elaborating the attack, OnePlus said that one of their systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered. "The malicious script operated intermittently, capturing and sending data directly from the user's browser. It has since been eliminated," said OnePlus in the blog post.
Talking about the affected users, those who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, may be affected. And the data acquired by the attackers is the Credit card info including card numbers, expiry dates and security codes, which customers should've entered at oneplus.net.
OnePlus also clarified that users who paid via a saved credit card should not be affected; Users who paid via the Credit Card via PayPal option are not affected, and users who paid via PayPal are not affected too. Also, OnePlus said that it had contacted potentially affected users via email already.
Furthermore, the Chinese company also gave some precautions which should be performed at the customer's end now. The company is recommending every user who purchased a product using a credit card at oneplus.net during the period to check their card statements and immediately report back to them if they find any suspicious charges.
Lastly, OnePlus said that "We cannot apologise enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed the community, and it pains us to let you down."
OnePlus is already in the process of getting in touch with all the potentially affected customers, and is working with the local authorities to address the incident better. OnePlus also promises that it should try to address such issues in the future. As of now, the company has removed the credit card payment on its portal.