Over the weekend, many OnePlus users have reported credit card fraud after purchasing smartphones from the companys official website. OnePlus says the investigation is ongoing.
OnePlus is yet again making headlines but this time for all the wrong reasons presumably. Well, over the weekend, members of the OnePlus community have reported cases of unknown credit card transactions occurring on their credit cards post-purchase from oneplus.net. And all this has come to light after the company was notified of the issue when a poll was conducted on the OnePlus forum where users were asked to vote if they had noticed such fraudulent charges on their credit cards. Some of the users had also visited Reddit to report facing the same issue.
As such, many respondents did confirm that they faced such issue and some of them even detailed their experiences in the post. While credit card fraud is a serious issue and it can put a person’s private data at serious risk, the issue seems to be a lower scale from what we know so far and it seems to have reportedly affected about 25 percent of total users.
Having said that, the company has provided a statement regarding the matter. „At OnePlus, we take information privacy extremely seriously. Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post-purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated,“ the company has announced.
OnePlus‘ Answer
Well, the company has listed out a number of FAQs and answers as well. Going through the listing OnePlus has confirmed that only customers who made credit card payments are affected, not those who used PayPal.
The company has assured that no card info is stored on the company’s website. „It is sent directly to our PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on their secure servers,“ the company has stated.
„If you checked the „save this card for future transactions“ while making a payment, all this means is that our payment processing partner encrypted and securely stored your card info and sent us a few digits (for identification purposes; see image below), plus a „token“ – a string of symbols that represents your card. This token is stored in our system, but it’s impossible for us to decrypt it and access your card info. Next time you make a payment at oneplus.net, this token will be recognized by our payment processing partner, who then fetches your original card info from their secure vault and uses it for payment processing,“ the company has said.
Not Affected by the Magento Bug
Further, the company’s post also assures that oneplus.net is not affected by the Magento bug and that it had nothing to do with the hacking of the Magento eCommerce platform. „Oneplus.net was initially built on the Magento eCommerce platform. However, since 2014 we have been re-building the entire website with custom code, and credit card payments were never implemented in Magento’s payment module at all. So no, we shouldn’t be affected,“ the company has said.
Meanwhile, OnePlus has stated that if users suspect that their credit card info has been compromised, then they should check their card statement and contact their bank to resolve any suspicious charges. The bank should help users initiate a chargeback and prevent any financial loss.
What next?
OnePlus has said that this is an ongoing investigation. The company is working with its third-party providers and will be giving an update on its findings as they surface. The company highlights that information security is a very serious topic, and it has always been one of OnePlus‘ top priorities.
