OnePlus payment page was compromised, exposing up to 40000 to credit card fraud
#1
via: Ars Technica

On Jan 11, a OnePlus customer posted on the OnePlus forum that he had several fraudulent charges on two credit cards that he used to purchase OnePlus phones. A poll was held on that thread and there were 309 votes on the option where people made a OnePlus transaction 0-2 months ago and had fraudulent charges.

Subsequently on Jan 19, OnePlus made an announcement admitting that "a malicious script was injected into the payment page code to sniff out credit card info while it was being entered". They believe that users who entered their credit card information on oneplus.net between mid-November 2017 and January 11, 2018 may be compromised. Those who used PayPal for payment are not affected.
Reply
#2
Agreed @thirthy_speed Paypal places a layer in between one's credit card (I've got prepaid debit cards) that makes one feel a bit more secure. I still feel a little bit like a sitting duck with places like NameCheap. The more users the greater the chance of fraud, but especially the more paranoid NameCheap gets to add all kinds of security rules and bells and whistles that can trip users up as well. I've gone through a few tremors from time to time with not being able to get into my account. Ditto PayPal especially with not allowing me to access my account from a different region. But I guess one has to accept that as collateral damage. Reminds me I have to change my password at NameCheap as it has a strict 6-month name change policy. If you don't change it within six months then it sets a really frustrating captcha on you.
Reply
#3
Phew that I bought my 3T before this happened and never saved anything on their website. I distrust paypal and refuse to create account on them. And that never bothered me anything, if something does happen my bank will take care of it quickly. Fraud is never a problem these days, just the people who aren't careful monitoring their statements and online accounts are the problem.
Thanks to FreeVPS & Host4Fun for VPS 4
Reply
#4
That is pretty scary to think about... though with my credit card, I'm not really too scared as I'm able to reverse charges fairly quickly. At the same time, I use Paypal most of the time and I can think of a dozen times where it has saved me from fraud (i.e. Rakuten)
[Image: img.php?userid=14559&vps1]
Reply
#5
This is really bad news. I think they must use a 3rd party gateway for payment so oneplus don't have to care all those security for their customer.
Yeah. Everything is right....Or wrong?
Reply
#6
As far as I know One should not enter their credit card details in any website unti the website is PCI/DSS certified, hence is OnePlus website certified to handle the credit card details?
I also try to use virtual credit cards wherever they allow the card numbers.
Reply




Users browsing this thread: 1 Guest(s)