Thursday, December 5, 2024
HomeData BreachOnePlus Website Hacked and Attackers Stolen Many Customers Credit Card Details

OnePlus Website Hacked and Attackers Stolen Many Customers Credit Card Details

Published on

SIEM as a Service

OnePlus Website Suffered from Critical Data breach in their Payment card System and attacker stolen more than 40,000 Customers Sensitive Credit information.

One of their payment card system attacked by unknown hackers by injecting malicious script into payment page code that will intercept the card information while being entered by the customer.

Customer who purchased via oneplus.net Website between mid-November 2017 and January 11, 2018, may have been affected.

- Advertisement - SIEM as a Service

Few Weeks Before OnePlus Mobile comes with the preinstalled backdoor that provides root access to the affected devices.

Due to this Attack, hackers may have been stolen Sensitive credit card information such as card numbers, expiry dates and security codes.

Also Read: 21-year-old Hacker Jailed for Launching Cyberattacks on Skype, Pokemon, and Google

Injected malicious script intermediately performing while customer entering their Credit card information on their website and attacker capturing the credit card information that will send the sniffed information to attacker directly from the user’s browser.

In this case, OnePlus Customer who has made credit card payments directly to oneplus.net is the only scenario based credit card information may have been stolen.

Following Scenario based customers are not Affected by this Payment card data Breach.

  • Users who paid via a saved credit card should NOT be affected.
  • Users who paid via the “Credit Card via PayPal” method should NOT be affected.
  • Users who paid via PayPal should NOT be affected.
According to OnePlus, Payment fraud is a perennial concern with all online payments. If you notice suspicious charges in your card statement, contact your bank immediately so they can reverse the payment. Our website is HTTPS encrypted, so it’s very difficult to intercept traffic and inject malicious code, however, we are conducting a complete audit.

Infected Payment card server has been quarantined Soon after discovered this breach by OnePlus Security Expert and reinforced all relevant system structures.

OnePlus Informed to their customer regarding this data breach and requested to check your card statement and contact your bank if they find any suspicious charges.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Researchers Detailed New Exfiltration Techniques Used By Ransomware Groups

Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence...

Massive Credit Card Leak, Database of 1,221,551 Cards Circulating on Dark Web

A massive data breach has sent shockwaves across the globe, as a database containing...