Several OnePlus users have reported fraudulent transactions on their credit card after making purchases on their official website.
According to reports, more than 60 customers have reported the issue in company’s forum, and numerous users have reported the issue on Reddit also.
Read more on: Google Removes 60 Gaming Apps Infected with Pornographic Malware AdultSwine
Oneplus conducted a poll on its forum titled ‘Credit Card Fraud’ in which 57 percent users responded they had fraudulent transactions reported on their credit card after making purchases on the OnePlus official website in past two months.
“I purchased two phones with two different credit cards, first on 11-26-17 and second on 11-28-17. Yesterday I was notified on one of the credit cards of suspected fraudulent activity, I logged onto credit card site and verified that there were several transactions that I did not make,” reported a user in the forum.
One plus has responded to the issue in a forum post that the company is investigating the issue and advised the users to take necessary precaution to prevent further unauthorized transactions on their account.
The company also said that “Your card info is never processed or saved on our website – it is sent directly to our PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on their secure servers”.
Cybersecurity specialist Fidus made a mock purchase on the OnePlus website and found out that the processing form is still hosted on their infrastructure even though the company said that they do not handle any card payments made.
“All payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker. While the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted”.
The company also mentioned that they were not affected by the magneto bug.
OnePlus website was initially built on magnet ecommerce platform but since 2014 they were rebuilding the website with custom codes and Credit card payments were never implemented on magento payment module said the company.
Users are advised to check their account for any unauthorized transaction and take necessary precautions to prevent further damage.