Skip to main content

Up to 40,000 customers’ info may have been stolen from OnePlus

OnePlus finds that security flaw may have jeopardized 40,000 customers' info

oneplus 5t review screen protector
Andy Boxall/Digital Trends
Smartphone maker OnePlus has released initial results of an investigation into its web store’s payment methods after some of its customers claimed they had been hit by credit card fraud shortly after making a purchase from OnePlus.

The issue arose when a user by the name of Superdutynick noticed that both of his credit cards had been used for fraudulent charges after he made two separate transactions on the OnePlus store. Noting that the only common denominator was the OnePlus store, he started a poll on the official OnePlus forums asking whether other users had experienced a similar problem. When a significant percentage replied that they had, and it was quickly followed by a similar post on Reddit that attracted hundreds of concerned comments, it became obvious that OnePlus was going to have to address the issue.

The company did, in fact, react quickly. It responded with a forum post of its own explaining the situation, and later disabled all credit card payments on the website while the investigation was taking place. OnePlus team member Mingyu seems fairly certain what isn’t the cause of the leaks, saying that the recent Magento hack is not to blame, since the OnePlus website has been rebuilt since 2014, and had never included the Magento payment module on the previous Magento ecommerce site. Mingyu also did not believe it was as a result of a breach of OnePlus’s security, since no card details are stored on their servers.

Information security website Fidus seems to disagree with that idea, noting that OnePlus itself is not PCI-DSS compliant, and that while no information is stored on the OnePlus website, there is a single page still hosted on OnePlus’ infrastructure where card details could be stolen, if an intruder has access.

Fidus seems to have been right on the money, as OnePlus has come back with the initial results of its investigation, and has warned that up to 40,000 customers may have been affected by a security flaw between mid-November 2017 and January 11 2018. That flaw allowed for a malicious script to pick up customers’ credit card details as they were entered onto the site.

OnePlus has reached out to as many of the affected customers as it can, but is urging all of its customers to be vigilant for any unauthorized activity on their credit cards. It’s important to note at this stage that only customers who were inputting their payment details into the site for the first time were susceptible to being attacked by the script, and anyone using a saved payment method is safe from the breach. The latter also applies to anyone who paid via PayPal, either by the usual PayPal payment method, or a credit card via PayPal. However, it’s always worth checking your credit card receipts, just in case.

OnePlus has apologized unreservedly, and has stated that it is working with its credit card authorization company to ensure that this hole is plugged as quickly as possible. It added that it will be working hard to stop anything like this happening again.

OnePlus has been one of Android’s major success stories, with the company coming out of nowhere to become an established name within smartphones. It recently released its OnePlus 5T to great acclaim, and while no stranger to controversy, has generally had good press on its side.

OnePlus is urging anyone who has previously made a purchase on its webstore using a credit card to check their statements and get any unauthorized charges reversed wherever possible.

Update: Updated with the results of the investigation by OnePlus.

Editors' Recommendations

Mark Jansen
Mark Jansen is an avid follower of everything that beeps, bloops, or makes pretty lights. He has a degree in Ancient &…
With Hasselblad in tow, OnePlus must learn from Huawei and Leica’s success
oneplus hasselblad partnership rumor huawei leica 9 pro

OnePlus may have struck a partnership to help elevate the camera system on its next smartphone to the level seen on Samsung, Apple, and Huawei phones. A leak suggests OnePlus will work with camera maker Hasselblad in some capacity for the OnePlus 9 Pro, potentially in a similar way to how Huawei has worked with Leica on its phone cameras.

However, partnerships like this are not all the same, and just because there's co-branding on a phone doesn’t mean there have been deep changes that will greatly affect performance. If OnePlus and Hasselblad are working together, I hope they will look toward Huawei and Leica’s partnership for inspiration, rather than some of their own previous collaborations.
The Hasselblad and OnePlus 9 leak
The leak of the unreleased, unofficial OnePlus 9 Pro, complete with Hasselblad branding on the camera module alongside four cameras, first appeared on popular YouTuber Dave2D’s channel. The leak wasn’t a single, pixelated, low-quality sneaky image, but a selection of high-resolution photos of what looks like a genuine smartphone. The design matched leaks of the OnePlus 9, giving it more credibility, just with additional sensors and that Hasselblad branding.

Read more
iPhone 11 Pro vs. P40 Pro vs. S20 Plus vs. OnePlus 8 Pro: Four-way camera battle
Four-way camera battle

Apple, Samsung, Huawei, and OnePlus have all launched phones with extremely capable cameras over the past six months. But which one really takes the best photos? Examining the differences helps make the decision of which to buy a little easier. Each is priced around $1,000, so you want to make the right choice for you.

We put the Apple iPhone 11 Pro, the Samsung Galaxy S20 Plus, the Huawei P40 Pro, and the OnePlus 8 Pro up against each other in a series of camera tests. It’s a serious, hard-fought battle, but there is a winner.
iPhone 11 Pro vs. P40 Pro vs. S20 Plus vs. OnePlus 8 Pro
Camera specifications
Before we get into the tests, here’s a quick rundown of the camera specs for each phone.

Read more
OnePlus 8 Pro vs. OnePlus 7T Pro: Has OnePlus one-upped itself?
OnePlus 8 Pro Back

The OnePlus 8 Pro is here. Announced together with the OnePlus 8 on April 14, it's the natural successor to last October's excellent OnePlus 7T Pro. It boasts a larger 6.78-inch screen, a bigger 4,510mAh battery, and the more powerful Snapdragon 865 processor. It also comes with four rear cameras in comparison to the OnePlus 7T Pro's three, giving photographers a new Color Filter lens in addition to the pre-existing main, ultra-wide, and telephoto lenses.

All of this sounds like OnePlus has gone all-out to make its latest premium model the best smartphone it possibly could be. However, the question remains: How exactly does the OnePlus 8 Pro stack up against the OnePlus 7T Pro? Would the 8 Pro be worth buying if you already have the 7T Pro?

Read more