Wednesday, 8 December 2021

OnePlus Was Hacked to steal credit card details

OnePlus Hacked

LONDON: Anybody who used at credit card to purchase their flashy new OnePlus handsets from the company’s official site ought to immediately contact their bank: hackers might be out to steal your funds.

Following a slew of complaints about possible credit card fraud from a flock of concerned OnePlus users, cybersecurity firm Fidus has discovered a vulnerability that might have allowed malicious agents to sweep sensitive credit card data from the website of the China-based phone-maker.

So far, hundreds of affected users have taken to Reddit and the official OnePlus forums to report suspicious activity on their credit cards. According to numerous reports, the first fraud attempts came within a year after customers used their credit card to purchase items from the manufacturer’s website.

Fidus goes on to clarify that while the attacks appear to be authentic, their research does not in any way confirm that the OnePlus site was breached; rather, it suggests where the attacks might have come from – and it seems the weakest link might be the Magento eCommerce platform.

The cybersecurity specialist says the payment integration, which has previously been hacked on several occasions, is often targeted by malicious actors.

“We stepped through the payment process on the OnePlus website to have a look what was going on. Interestingly enough, the payment page which requests the customer’s card details is hosted ON-SITE,” the post reads. “This means all payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker.”

“Whilst the payment details are sent off to a third-party provider upon form submission,” it continues, “there is a window in which malicious code is able to siphon credit card details before the data is encrypted.”

Check Also

Cryptocurrencies tumble amid China crackdown

REUTERS/Dado Ruvic/Illustration/File Photo TOKYO – Cryptocurrencies tumbled on Monday as China’s crackdown on bitcoin mining ...

Leave a Reply