OnePlus' Online Payment Platform Allegedly Hacked; User Credit Card Data Stolen

While OnePlus is a company known for manufacturing smartphones that pack in slap-up hardware coupled with near-stock Android experience, the brand has always been in the clasp of controversies.

The company previously institute itself surrounded by the EngineerMode controversy, and afterwards was allegedly blamed for sending user'southward clipboard data to Alibaba's servers. At present, the team has establish themselves trapped in another controversy, this time, due to declared vulnerable online payments.

The OP on the OnePlus Forums that brought the controversy to lite

In a recent blog post on the OnePlus forums, a user reported that he had previously used his credit cards on the website'southward shopping platform to purchase OnePlus devices. He was recently informed that at that place were several transactions requested on his credit cards that he did non make. Equally a result, many other users joined in and reported that they as well had experienced the same effect. At this time it was not clear whether this effect was indeed serious.

So the team at data security firm Fidus stepped in to investigate it. Theemploy of the Magento eCommerce platform was pinpointed every bit a possible vector of set on. This has has been known to have identify, if adequate security measures are not in place. Unfortunately, it looks that way for OnePlus.

As Fidus mentions, at that place's commonly an iFrame involved during the payment process which is handled by a tertiary-party payment processor. Instead, the payment page which requests the client'south carte du jour details is hosted on-site.

Because the data flows direct through the OnePlus site, one could in theory intercept it to misuse details. Although payment details are sent to a tertiary-political party provider upon form submission, the small window in between OnePlus and the provider, could be attacked to siphon credit bill of fare details earlier the data is encrypted on the provider side.

The Magento eCommerce platform has been reported to be 1 of the most vulnerable due east-commerce platforms. The platform makes use of Javascript and/or modification of the cc.php file, which handles the exchange of carte du jour details between the spider web server and the third-party payment provider.

As of now, at that place is no official statement released past OnePlus.

UPDATE: We have reached out to OnePlus to go an official comment on this outcome.

The staff members on the forum did country that the news of the breach has been passed on to the customer service team, but there has been no response to information technology besides at the time of this writing.

For now, as a user, we urge yous to opt for fraud protection on your credit cards to protect you from any data theft or whatever unauthorized transactions. Furthermore, Fidus advised to shop on websites that make utilize of an off-site payment processor. There are besides tertiary-party payment providers that take created PCI compliant sandboxes for secure online transactions, which you can use, the security team reported.

Watch this space for more updates on the same. Too, exercise let us know your thoughts on OnePlus' contempo controversy in the comments down below.

EDITOR: Portions of this story take been updated to reflect the possible ways in which a alienation could have taken identify. We regret the errors in the earlier version.

Source: https://beebom.com/oneplus-online-payment-platform-hacked/

Posted by: diazninot2001.blogspot.com

Share this post