SmartMetric Inc (SMME)

[PoorP-S]

40,000 credit cards breached - OnePlus

Credit card payments remain suspended during ongoing investigation
[comment by poster - imagine how happy you would all be if you were one affected. again your life is interrupted. we need to be doing something. the processes we all have to use now are pathetic. there is no confidence in the levels of security being used now, so let's continue to hope for the best from SMME.]

OnePlus says up to 40,000 customers were affected by credit card security breach

OnePlus credit card details breached - all 40000 of them

OnePlus has announced that up to 40,000 customers were affected by the security breach that caused the company shut down credit card payments for its online store earlier this week. The information is the result of an ongoing investigation with a third-party security agency into the breach that caused customers’ credit card information to be stolen while they were purchasing OnePlus products.

Though reports of stolen credit card information and fraudulent purchases were only made in the past week, OnePlus says that the script that stole the data had been running on one of its payment processing servers since mid-November. The script was able to capture full credit card information, including card numbers, expiry dates, and security codes directly from a customer’s browser window. The company says it has determined where the exploit happened and has found the point of entry for the attacker, but the investigation remains ongoing. It’s not yet clear if the attack was done remotely, or if someone had physical access to the server to install the script.

In a forum post detailing the findings, OnePlus says the script operated “intermittently” and the infected server has been quarantined from the rest of the system. It also says that customers that paid via a saved credit card, a credit card processed via PayPal, or through a PayPal account should not have been affected by the breach.

A OnePlus spokesperson says that the 40,000 customers exposed to the attack “represent a small subset” of its total customer base.
[comment from the poster - what a cavalier attitude by this mob!!]
The company is reaching out to affected customers and offering a year of credit monitoring service for free. It is also working with local authorities during the investigation.

Credit card payments will remain suspended on the OnePlus.net store until the investigation is complete, with customers able to purchase items through PayPal in the meantime. OnePlus says it is working to implement a more secure credit card payment method before it re-enables them.

Last week, OnePlus CEO Pete Lau told CNET that it is exploring partnerships with US carriers, but a spokesperson confirmed that this security breach will not change anything in terms of OnePlus’ online sales strategy. The company currently does not have plans to move its store to Amazon or another e-commerce platform.