Up to 40,000 customers’ info may have been stolen from OnePlus

OnePlus finds that security flaw may have jeopardized 40,000 customers' info

Smartphone maker OnePlus has released initial results of an investigation into its web store’s payment methods after some of its customers claimed they had been hit by credit card fraud shortly after making a purchase from OnePlus.

The issue arose when a user by the name of Superdutynick noticed that both of his credit cards had been used for fraudulent charges after he made two separate transactions on the OnePlus store. Noting that the only common denominator was the OnePlus store, he started a poll on the official OnePlus forums asking whether other users had experienced a similar problem. When a significant percentage replied that they had, and a similar post on Reddit quickly attracted hundreds of concerned comments, it became obvious that OnePlus was going to have to address the issue.

The company did, in fact, react quickly. It responded with a forum post of its own explaining the situation, and later disabled all credit card payments on the website while the investigation was taking place. OnePlus team member Mingyu seems fairly certain about what isn’t the cause of the leaks, saying that the recent Magento hack is not to blame, since the OnePlus website has been rebuilt since 2014, and the previous Magento ecommerce site had never included the Magento payment module. Mingyu also did not believe it was the result of a breach of OnePlus’s security, since no card details are stored on their servers.

Information security website Fidus seems to disagree with that idea, noting that OnePlus itself is not PCI-DSS compliant, and that while no information is stored on the OnePlus website, there is a single page still hosted on OnePlus’s infrastructure where card details could be stolen if an intruder has access.

Fidus seems to have been right on the money, as OnePlus has come back with the initial results of its investigation, and has warned that up to 40,000 customers may have been affected by a security flaw between mid-November 2017 and January 11, 2018. That flaw allowed a malicious script to capture customers’ credit card details as they were entered on the site.

OnePlus has reached out to as many of the affected customers as it can, but is urging all of its customers to be vigilant for any unauthorized activity on their credit cards. It’s important to note at this stage that only customers who were inputting their payment details into the site for the first time were susceptible to being attacked by the script, and anyone using a saved payment method is safe from the breach. The latter also applies to anyone who paid via PayPal, either by the usual PayPal payment method, or a credit card via PayPal. However, it’s always worth checking your credit card receipts, just in case.

OnePlus has apologized unreservedly, and has stated that it is working with its credit card authorization company to ensure that this hole is plugged as quickly as possible. It added that it will be working hard to stop anything like this happening again.

OnePlus has been one of Android’s major success stories, with the company coming out of nowhere to become an established name within smartphones. It recently released its OnePlus 5T to great acclaim, and while no stranger to controversy, has generally had good press on its side.

OnePlus is urging anyone who has previously made a purchase on its webstore using a credit card to check their statements and get any unauthorized charges reversed wherever possible.

Update: Updated with the results of the investigation by OnePlus.

Mark Jansen
Former Mobile Evergreen Editor