Hackers may have infiltrated the consumer website of OnePlus, the Chinese smartphone maker, stealing customers' credit card information.
According to a report in TheNextWeb, the cybersecurity company Fidus has found a way for hackers to steal sensitive credit card information from the company’s website. The report noted that hundreds of impacted users have complained on Reddit and OnePlus official forums about suspicious activity on their credit cards. Customers contend the first fraud attempts happened within a year of purchasing a phone from OnePlus website.
Fidus noted that it can’t confirm that OnePlus was hacked, only that it spotted a vulnerability that could have led to would-be attacks. “We stepped through the payment process on the OnePlus website to have a look what was going on. Interestingly enough, the payment page, which requests the customer’s card details, is hosted ON-SITE,” a post from Fidus said, according to TheNextWeb. “This means all payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker.”
OnePlus hasn’t said anything on the record yet, but the report noted that a moderator of a OnePlus forum who purports to have an information technology background tried to cast doubt on the research, saying the evidence doesn’t support Fidus’ claims.
The potential hack of the Chinese smartphone maker comes at a time when rival company Huawei lost a deal to sell its smartphones via AT&T over security concerns. According to a Reuters report last week, AT&T was pressured to bow out of the deal after lawmakers sent a letter to the Federal Communications Commission in December raising concerns about Huawei’s plan to roll out consumer products through a U.S. telecom carrier. The letter was signed by 18 lawmakers.