Buyers of the online store OnePlus complain about theft of payment data

Покупатели интернет-магазина OnePlus жалуются на кражу платёжных данных

From users of the social network Twitter, Reddit forum and official forum, OnePlus began receiving complaints about suspicious banking transactions on their credit cards after shopping in the online store OnePlus.

OnePlus representatives said that the payment data of customers stored on the company website, and handled by secure servers of the partners, where the data received over encrypted channels. Even if you use the «save card for future purchases» payment information is stored on the partner side, while the OnePlus website leaves a «marker» by which identificireba map a specific buyer.

In the presence of the slightest suspicion of the theft of payment data, OnePlus recommends that users contact the Bank to prevent unwanted operations. The company is already engaged in carrying out thorough security checks.

Firm Fidus Information Security, dedicated to research in the field of information security, conducted an independent audit, which identified two potential vulnerabilities:

  • On the website could be hosted malicious JavaScript that redirects payment information on the side of the attackers before they were encrypted and transferred to the payment system partner.
  • CyberSource payment service used by OnePlus, was himself a victim of hacking.

It should be noted that traces of any malicious scripts were found. If the incident with the OnePlus was the result of the attack on CyberSource, we are under the threat of other online shops involving service.


Оставьте комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *