OnePlus hacked as customers are warned of a serious breach

Card numbers, expiry dates and security codes have been nabbed from OnePlus.net

OnePlus, the Chinese smartphone brand that asks you to "never settle", last week admitted it's faced a widespread credit card hack. In a letter to its customers, along with a post on its forums, OnePlus apologised for the breach and stated that the card number, expiry date and security code of customers' credit cards have all been compromised.

It's unclear exactly when this attack took place and for how long OnePlus has been sitting on the information, but it told customers that it "launched an urgent investigation" as soon as it was made aware of the attack. It also "suspended credit card payments" and has "been working with a cybersecurity firm to reinforce [its] systems".

OnePlus recommended that every customer checks their card statements and report any charges they don't recognise. It also stated that "if you run into any problems, or need further guidance, don't hesitate to reach out".

The hack occurred thanks to a malicious script inserted into the OnePlus.net payment page code. This allowed hackers to see customers' credit card numbers, expiration dates and security codes - essentially all the information needed to use a card for a fraudulent payment.

On the surface, the hack seems reminiscent of the session replay scripts that shook the internet back in November.

You can read OnePlus's full letter to affected customers below, posted by Peter Smallbone on Twitter.

Currently, the company is uncertain of just how many customers have been affected. They've managed to track down the code's insertion to sometime in mid-November, just before the OnePlus 5T launch. There are a potential 40,000 affected customers but all those who had saved their credit card info into OnePlus' systems before mid-November won't be affected, nor were PayPal customers.

OnePlus said it's looking for "a suitable way to offer one year's credit monitoring to affected users". This should mean that any abnormal or fraudulent payments on your credit card will be pinged to you as soon as they happen. OnePlus added that it will be getting in touch with affected users soon to ensure they can claim their credit monitoring service.

As with all of these incidents, affected customers' best course of action is to cancel all credit or debit cards that may have been compromised. Also, customers are advised to contact their banks and make sure that they're aware of the breach and can provide monitoring services just in case.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

How Liberty navigated a site relaunch during a pandemic
Sponsored

How Liberty navigated a site relaunch during a pandemic

8 Oct 2020
Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020