The Chinese smartphone manufacturer OnePlus recently suffered a breach that compromised the credit card information of up to 40,000 customers.
On January 19, OnePlus disclosed the attack in a blog post. The post describes a malicious script that was injected into the payment page of the company's website after the hackers successfully penetrated one of its systems.
The website was under attack from mid-November 2017 to January 11, 2018. The company took notice when many customers complained about recent fraudulent attempts made on their credit cards after they had made a purchase on the OnePlus website.
The cyber security company Fidus Information Security also investigated and reported some security failings on the website. After a week of hundreds of customers reporting fraud, OnePlus confirmed the attack and enforced a temporary block on credit card payments on its website.
The affected customers were informed on Friday morning via an email, which described how credit card numbers, expiry dates and security codes were all stolen from customers who made a purchase on the oneplus.net website from mid-November through to January 11.
However, customers who had saved and encrypted credit card information or who used PayPal have not been affected by the attack.
OnePlus apologized to its customers for letting something like this happen and said it was pained to have let them down. The company is also offering free credit card monitoring to the affected customers and has promised to implement a more secure credit card payment method. It is also conducting an in-depth investigation and is informing law enforcement and data protection authorities across its operating regions.
Breaches like this are becoming common, and many well-known websites have suffered them. The most secure way to prevent credit card fraud is to use an off-site payment processor, or one that provides iframe integration with checkout pages. Third-party payment providers have created PCI-compliant sandboxes for the very purpose of securely taking card payments; use them.
Companies should also regularly conduct penetration tests on their websites to find out about any bugs and risks.
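The off-site and iframe recommendation above works because card fields hosted in the processor's frame never enter the merchant's DOM, so a script injected into the merchant page cannot read them. The following check is an added example, not code from OnePlus or the original article: it audits checkout HTML for card inputs in the merchant page and for scripts from hosts outside an allowlist. The host names, finding labels and sample pages are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed placeholder origins; substitute the merchant's and processor's own.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.processor.example"}
PROCESSOR_FRAME_HOSTS = {"pay.processor.example"}
CARD_HINTS = ("cc-number", "cc-exp", "cc-csc", "cardnumber", "cvv", "cvc")

class CheckoutAudit(HTMLParser):
    """Collects findings about where scripts and card fields live on a page."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self.has_processor_frame = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            if "src" not in a:
                self.findings.append("inline-script")
            else:
                host = urlparse(a["src"]).hostname  # None for relative URLs
                if host and host not in ALLOWED_SCRIPT_HOSTS:
                    self.findings.append(f"unlisted-script-host:{host}")
        elif tag == "iframe":
            if urlparse(a.get("src", "")).hostname in PROCESSOR_FRAME_HOSTS:
                self.has_processor_frame = True
        elif tag == "input":
            label = " ".join(a.get(k, "") for k in ("name", "id", "autocomplete")).lower()
            if any(h in label for h in CARD_HINTS):
                # Any script on this page can read a field in the merchant's DOM.
                self.findings.append(f"card-field-in-merchant-dom:{a.get('name', '')}")

def audit(html):
    parser = CheckoutAudit()
    parser.feed(html)
    if not parser.has_processor_frame:
        parser.findings.append("no-processor-iframe")
    return parser.findings

# Constructed sample pages (not taken from any real site).
DIRECT_FORM = """<form action="/pay"><input name="cardnumber" autocomplete="cc-number">
<input name="cvv" autocomplete="cc-csc"></form>
<script src="https://cdn.unknown.example/stats.js"></script>"""
IFRAME_FORM = """<iframe src="https://pay.processor.example/fields"></iframe>
<script src="/static/checkout.js"></script>
<script src="https://js.processor.example/v1.js"></script>"""
if __name__ == "__main__":
    for name, page in (("direct", DIRECT_FORM), ("iframe", IFRAME_FORM)):
        print(name, audit(page))
```

An empty result means the page keeps card entry inside the processor's frame and loads scripts only from listed hosts; it does not replace a Content-Security-Policy or a penetration test.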