What started as a report of suspicious activity on a OnePlus user's credit card account has finally revealed a massive data breach on the oneplus.net website. So let’s get into the details of the hack and the resolution suggested by the OnePlus team.
On 11 January 2018, a OnePlus user known by the forum name superdutynick started a thread titled ‘Credit Card Fraud’. In the thread, he stated that his credit cards had been used for a series of transactions without his knowledge and that he suspected a breach on the OnePlus website. To support his statement, he added that the only place he had used his credit cards in the past six months was none other than the OnePlus website. Soon the thread grew longer with replies from other OnePlus forum users who also reported suspicious credit card usage.
Following this report, OnePlus deployed a team to investigate any fraudulent activity. They also disabled credit card payments on their store website as a precautionary measure. Meanwhile, an information security company named Fidus came up with a detailed explanation of how the theft might have happened. According to Fidus, the On-Site payment processing page of oneplus.net (https://oneplus.net/) was susceptible to sniffing attacks. Later the OnePlus team also came up with a statement matching the findings of Fidus.
Even though the team has resolved the situation, users have to deal with their credit card companies to initiate a chargeback. So a mere apology from the OnePlus team won’t compensate for this security issue, which went unnoticed for nearly three months. Moreover, the OnePlus store (https://oneplusstore.in) in India is using a similar On-Site payment processing page where credit card payments are still active. However, the only difference in this regional store is the payment processor, which is PayU, whereas on oneplus.net it is CyberSource.
OnePlus has recently been called out by several security experts pointing out the vulnerabilities in its Oxygen/Hydrogen OS. Now with this credit card incident, it is evident that the team is lacking some form of security assurance. We have nothing more to add, but if you’re interested in the details of the credit card issue, refer to: Credit Card Fraud, OnePlus Update, Fidus Findings. Hope the article was informative, Peace!
This post was last modified on February 6, 2018 12:10 am