- OnePlus has confirmed that as many as 40,000 customers may have been affected by a security breach.
- Sensitive banking information including credit card numbers, expiry dates, and security codes may have been compromised.
- “We cannot apologize enough for letting something like this happen,” said OnePlus in a statement.
OnePlus has concluded its investigation into reports that some of
its customers had been hit with fraudulent credit card activity… and
it’s not good news for the Chinese company or a huge number of its
customers.
OnePlus shut down all credit card payments on its website after reports of account fraud began spreading on Reddit in recent weeks. However, the forum post confirms
that the severity and scale of the problem are far greater than initially
thought, as the breach may have affected anyone who input credit card
information on OnePlus’ website from as far back as mid-November 2017.
The resulting security audit discovered that one of OnePlus’ systems
had been attacked by a malicious script that intermittently captured
data from a user’s browser window. The infected server has since been
quarantined, but it’s unclear how much damage the script did during the
roughly two-month period, or how it evaded OnePlus’ security in the
first place.
Credit card numbers, expiry dates, and security codes may have
all been compromised, OnePlus says, although this should only impact
users who entered new card information during the period in question.
Payment cards already saved on the site and transactions via PayPal are
thought to be unaffected.
OnePlus is recommending that all recent customers check their card
statements and report any signs of possible fraudulent activity directly
to their bank.
As well as promising that it will revise its payment system and
conduct further security audits, OnePlus also took the opportunity to
apologize for the entire scenario, stating:
“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”
While many of the responses on OnePlus’ official forums have
praised the company for its honesty, it seems unlikely that the
Shenzhen-based company’s reputation will come out of the situation
unscathed. The ongoing absence of card payments from OnePlus’ website
will already have a knock-on effect on the OEM’s bottom line just days
after the company announced record sales figures for 2017 and boasted of
“healthy profits”.
The bigger concern, however, is trust. OnePlus has spent years
cultivating a dedicated customer base via online sales and support and
has only recently started selling phones via carriers in select regions.
With co-founder and CEO Pete Lau again talking of lucrative deals
with US carriers in recent weeks, news of a data breach could impact
customer perception of the OnePlus brand. It could even raise alarm
bells among potential partners, especially after the long-mooted
Huawei-AT&T partnership collapsed in such spectacular fashion at CES 2018.