In a forum post today, OnePlus has released more details on the breach that forced them to halt credit card payments on their site Tuesday. OnePlus states that "One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered." They go on to say that they have eliminated the malicious code, as well as quarantined the infected server, and all potentially affected users have been contacted.
We first reported on this Tuesday, and kudos to OnePlus for identifying the problem and eliminating it so swiftly. That said 40,000 is a lot of potentially affected people. OnePlus mentioned those who used Credit Card via PayPal, or PayPal itself were not affected. Personally I use PayPal for everything I can, keeping my credit card info offline is important to me.
We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.
We first reported on this Tuesday, and kudos to OnePlus for identifying the problem and eliminating it so swiftly. That said 40,000 is a lot of potentially affected people. OnePlus mentioned those who used Credit Card via PayPal, or PayPal itself were not affected. Personally I use PayPal for everything I can, keeping my credit card info offline is important to me.
We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.