After launching an investigation into reports of a credit card breach on its website, OnePlus has announced some grim findings: Up to 40,000 customers may have had their credit card data stolen. That includes card numbers, expirations dates, and CVV codes entered at oneplus.net.
The culprit for the breach, according to OnePlus, is a rogue script that was injected into the payment page code and able to capture unencrypted credit card info from customers’ browser windows. The company says the exploit has been running since the OnePlus 5T launched in November, though it affected all sales made through the website. It’s unclear whether the attack was triggered remotely or internally.
Powered by WPeMatico