Breach, Threat Management, Data Security

OnePlus breach may have compromised 40K users

An attack on may have affected up to 40,000 users, who the company has notified by email.

“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered,” according to a company post to its user forum.

The malicious script, which has been eliminated, “operated intermittently, capturing and sending data directly from the user's browser,” the update said, adding that the company has “quarantined the infected server and reinforced all relevant system structures.”

Chris Morales, Vectra's head of security analytics, said he wasimpressed with the meticulousness and expediency OnePlus is taking in providing customers with notification of the breach,” which he called a departure from “how major companies tend to act.”

The breach seems to be similar to those at other retailers. “A piece of code is designed to monitor and collect credit card information,” said Morales. “This is what happened at Target, except that it was local on the POS terminal.”

He called the incident, which was reported by forum user @superdutynick, “a reminder that HTTPS, while encrypted, is not a guarantee of a secure transaction as attackers can compromise the systems at both ends of any encrypted conversation.”

Users whose credit card numbers, expiration dates and security codes may have been compromised were those that entered credit card data on any time between mid-November 2017 and January 11. OnePlus stressed that users paying with a saved credit card, “Credit Card via PayPal” or PayPal “should NOT be affected.”

The company urged customers to tag any charges on their credit card statements that seem suspicious and contact their banks for a chargeback. Questions were referred to the OnePlus support team at

OnePlus also asked users to report any potential system vulnerabilities to [email protected].

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.