Some users who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, may be affected. Now OnePlus says that up to 40,000 of its customers have indeed been affected by a credit card breach on their website. Despite the fact that OnePlus said earlier that customers' payment data is "never processed or saved" on its site, this script was able to lift everything - card numbers, security codes, and expiration dates - right from the text fields before checkout.
Reports of the OnePlus credit card breach have only been coming out for the past week or so, but OnePlus has recently come out and stated that the script that stole the data had actually been running on one of their servers since November, giving it ample time to collect the information of thousands of customers and opening them up to financial damage.
Soon after, the company announced that it was disabling credit card payments on its website, as it continued to research the incident.
Currently, OnePlus is uncertain of just how many customers have been affected. Using this, the attacker managed to steal credit card information as it was being entered by the customers. OnePlus said the code has since been removed and the infected server has been "quarantined". "It has since been eliminated", said OnePlus in the blog post.
William Hill expects 11% rise in full-year profits
William Hill presently has an average rating of "Hold" and a consensus target price of GBX 300.13 ($4.07). Shares of William Hill plc (LON:WMH) traded up 0.34% during midday trading on Monday, hitting GBX 292.60.
Lastly, OnePlus said that "We can not apologise enough for letting something like this happen". Nevertheless, if you believe you're at risk, our recommendations remain the same: Check your statements carefully and report anything suspicious to your card issuer.
A few days later on January 19, OnePlus issued another update on its forums to confirm that this fraudulent activity was a result of a security breach that affected up to 40,000 users. You can contact the OnePlus support team if you need further assistance. It also "suspended credit card payments" and has "been working with a cybersecurity firm to reinforce [its] systems".
OnePlus is already in the process of getting in touch with all the potentially affected customers, and is working with the local authorities to address the incident better.