From users of the social network Twitter, Reddit forum and official forum, OnePlus began receiving complaints about suspicious banking transactions on their credit cards after shopping in the online store OnePlus.
OnePlus representatives said that the payment data of customers stored on the company website, and handled by secure servers of the partners, where the data received over encrypted channels. Even if you use the «save card for future purchases» payment information is stored on the partner side, while the OnePlus website leaves a «marker» by which identificireba map a specific buyer.
In the presence of the slightest suspicion of the theft of payment data, OnePlus recommends that users contact the Bank to prevent unwanted operations. The company is already engaged in carrying out thorough security checks.
Firm Fidus Information Security, dedicated to research in the field of information security, conducted an independent audit, which identified two potential vulnerabilities:
- CyberSource payment service used by OnePlus, was himself a victim of hacking.
It should be noted that traces of any malicious scripts were found. If the incident with the OnePlus was the result of the attack on CyberSource, we are under the threat of other online shops involving service.