Cyber Attack on 40,000 customers of OnePlus Mobile!

OnePlus, a Chinese smartphone maker has released an official statement early today that it has suspended all activities related to credit card payments as it servers has suffered a cyber attack.

As the security breach on the online store of OnePlus resulted in data leak of more than 40,000 customers last week; as a precautionary measure the Shenzhen based company chose to shut down all its payment channels for its online store till Friday this week. It has to be notified that only payments via PayPal will be allowed in the meantime.

The incident came to light when some of the customers (35) reported to the company that fraudulent purchases were made in their name in the past 3 weeks. When the company started an investigation into the matter, it learned that its customers’ credit card info was stolen by hackers via a cyber attack launched on Monday last week and this led to fraudulent purchases.

As per the prima facie conducted by the IT staff of OnePlus, hackers managed to smartly induce a malign script onto one of the payment processing servers in November last year. And the fraudulent script started leaking the credit card info accessed by the payment card servers to remote servers controlled by cyber crooks. Details such as card numbers, their expiry dates, and security codes were leaked directly from the customer’s browser window which accessed the OnePlus online store. (Oneplus dot net)

The authorities of OnePlus are busy finding the entry point of the attackers and suspect an Insider’s threat in this issue.

Meanwhile, the company is reaching out to all the impacted customers on an individual note and is ready to offer a free credit monitoring service of one year to all of them. And the company has decided to react to the complaints related to fraudulent purchases after the current investigation gets completed.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display