Similarly, entities who accept online payments from credit cards can devaluate these stolen credit card numbers by authenticating their customers via passive biometrics technology instead of static data only. Shortly after these reports started rolling in, OnePlus posted on the forum to confirm that it was aware of the issue and that an investigation is underway. The malicious script operated intermittently, capturing and sending data directly from the user's browser.
OnePlus also clarified that users who paid via a saved credit card should not be affected; Users who paid via the Credit Card via PayPal option are not affected, and users who paid via PayPal are not affected too.
While the investigation into potential culprits is still ongoing, and while a spokesperson insists only one server was affected, OnePlus has said, "We can not apologize enough for letting something like this happen". Today we're getting the first results from that investigation, and things aren't looking good for OnePlus or its users.
OnePlus says it has eliminated the malicious script in question and stopped using the infected server, so the problems shouldn't persist. The company is now working with its technology providers as well as law enforcement to further investigate the security incident. The Verge reports that the company is now working to launch a more secure credit card payment processing system before it re-enables standard payments, with hopes that this OnePlus credit card breach never happens again. "All these measures will help us prevent such incidents from happening in the future". This should mean that any abnormal or fraudulent payments on your credit card will be pinged to you as soon as they happen. If you want to buy a phone or an accessory from the site, you can still do so through PayPal, but you won't be able to use your credit card to complete a transaction. In a gesture of goodwill, the company is reaching out to those who were affected and offering a free year of credit monitoring, and plans to cooperate with local authorities during the ongoing investigation.