The first bad news for OnePlus Users – hundreds of user are reporting to fraudulent credit card transactions after order product Chinese product one plush official store.
After the claim quickly surfaces on oneplush support form over the minimum the weekend a user said that two of this credit card user on company’s official website maybe suspecting of fraudulent activity.
The only place that both of those credit cards had been used in the last 6 months was on the Oneplus website,” the customer wrote.
after a good number of users posted similar complaints like OnePlus, Twitter and Reddit forums, announced they also become a user of credit card fraud.
oneplus customers claimed that their credit cards had been compromised after they order a new phone or some mobile accessories directly from the OnePlus official website store.
Cybersecurity firm Fidus say his official blog in detailing the alleged problem with the OnePlus website’s on-site payment system. The firm impeaches that the servers of the OnePlus website might have been compromised.
Consonant Cybersecurity Fidus OnePlus is regularity of conducting the transactions itself on-site, which means that all billing information toward all credit card details entered by its customers flow through the OnePlus official website and can be shut the attackers.
“Whilst the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted,” Fidus wrote.
OnePlus has quickly replied that issue on its forum, and confirm that it does not store any credit card information on this website and all payment transactions are carried out through its PCI-DSS-compliant payment processing partner
official announced of oneplus, leake only credit card information of users who have enabled the “save this card for next transactions” feature is stored on OnePlus’ official servers, but now oneplus is secured with a token mechanism
“Our website is HTTPS encrypted, so it’s very difficult to intercept traffic and inject malicious code, however we are conducting a complete audit,” a company’s staffer using the name ‘Mingyu’ wrote.
The Chinese smartphone maker also confirms that purchases involving third-party services like PayPal are not affected.
@lmost 100+ user report of the fraudulent credit card transactions on the OnePlus support forums. OnePlus announces a formal investigation in this matter, and advises affected users to contact their bank to return the payment.