Smartphone maker OnePlus suffers credit card data breach

Users of the Shenzhen-based Chinese smartphone manufacturer OnePlus are on high alert after the company confirmed that their credit card data had been stolen. By a conservative estimate, the breach affects 40,000 users of the company’s Android devices. It prompted a large investigation, and at this moment OnePlus is still working with local law enforcement to find the culprit or culprits responsible.

On its website forums, OnePlus published an official statement explaining what occurred. The statement describes the attack as follows:

One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered. The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures.

The statement then goes on to identify potential victims: individuals who used OnePlus’ payment function between November 2017 and January 2018. That is a large time frame, and it does not reflect well on the company that the breach took a while to discover, something that likely makes OnePlus customers wonder what other data is at risk.

OnePlus tried its best to reassure its users with the following part of its official incident statement:

We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.

Whether this is “too little, too late” remains to be seen. OnePlus has had well-publicized security issues before, so this incident could not have come at a worse time.


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
