OnePlus customers reporting credit card frauds after making a purchase from official website

Chinese smartphone brand OnePlus is very well known for making smartphones that pack a lot of punch while also being easy on customer’s wallet. However, the company is also known to find itself in hot waters often for different reasons – with the latest one being credit card frauds.

Multiple OnePlus customers on the company’s official forums as well as Reddit are reporting of fraudulent activity with their credit cards after making a purchase from OnePlus’ official website. One such customer going by the name superdutynick has said that he purchased two OnePlus phones using two different credit cards last November, and recently, he was notified about suspicious fraudulent activities on both the credit cards that he used to make the purchase.

Well, soon after superdutynick posted this, other OnePlus customers too chimed in about similar activities on their credit cards after they purchased a product from OnePlus’ official website. Once this post gained traction, OnePlus Community Manager David Y. said that this issue has been brought to the notice of OnePlus Customer Service team and that they are investigating it. At the time of writing this, OnePlus hasn’t shared any further information regarding this matter.

Having said that, the folks over at Fidus – an information security firm – have looked into this matter and have said that OnePlus is currently using Magento eCommerce platform that is known for credit card hacking.

“We stepped through the payment process on the OnePlus website to have a look what was going on. Interestingly enough, the payment page which requests the customer’s card details is hosted ON-SITE and is not an iFrame by a third-party payment processor. This means all payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker. Whilst the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted.” wrote Fidus in a blog post.

At this point of time, there’s no information on the exact number of customers that have been affected, and, we are awaiting an official response from OnePlus which would shed more light on this matter.

Are you a OnePlus customer who purchase their product from their official website using your credit card? If yes, we suggest you to go check your bank statements right away and see if you too have been affected.