OnePlus may have been affected by a serious security breach in your payment portal. After we exposed here the case that raised suspicions of credit card fraud, the agency Fidus He believes the situation could be more serious than originally thought.
After several users came to Reddit, Twitter and OnePlus official forums to expose the situation, they all shared their experiences. In common they had reports of cases of credit card fraud. In recent months, after making payments or transactions on the OnePlus official website, your cards have been used without your knowledge for multiple purchases.
See also: 24 free apps on Google Play Store for your Android
It is not yet certain if OnePlus is to blame in this case. However, yesterday you posted a topic explaining how your payment system works in your official forum. They would also take the opportunity to announce a general investigation into the matter.
OnePlus Suspends Credit Card Payments
The conclusions of Fidus show us two possible scenarios. The first is that the payment portal used by OnePlus, CyberSource has been hacked, and your safety is compromised. The second scenario suggests that OnePlus itself has been hacked. Which one is true for now we don't know. It will all depend on the ongoing research.
In its defense, OnePlus claims that credit card payment processing does not occur on its website. " Your credit card information is never processed or stored on our website. It is sent directly to the PCI-DSS certified payment platform with which we have a partnership. This transmission is mediated by an encrypted connection. The payment is then processed on your secure servers. " Statements by a OnePlus spokesperson in their official forums.
"Our website is encrypted via HTTPS so it is very difficult to intercept any traffic and inject illegal code. However, we are conducting a thorough investigation, " adds this employee of the company.
OnePlus website has encryption HTTPS
Research is ongoing, OnePlus wants to get to the heart of the matter
Researchers further suggest that the OnePlus payments page does not meet the requirements of the PCI-DSS standard of UK Cards Association contrary to what the company claims.
Note that PCI-DSS is an acronym for Payment Ward Industry Dlace security sstandard. In other words, the security standard for card payments. Assesses a total of 12 points or requirements in a total of 6 categories that companies must fulfill to receive this certification.
THE Fidus It also placed some emphasis on the possibility that OnePlus was the victim of a serious security breach. The danger goes beyond credit card fraud if this happens. At stake would be the plugin Magento eCommerce from CyberSpace. The great vulnerability of this plugin consists of the file cc.php. File used to store the user's credit card details.
Proposed scheme for access to credit card data
Magento has been the victim of several attacks over the past few years, one of which has left more than 200,000 stores and shopping platforms vulnerable to an attack.
Once again, OnePlus states that it has never used the plugin Magento to process payments by credit cards. "OnePlus.net was initially set up to use the Magento eCommerce platform. However, since 2014 we have been rebuilding our entire original and custom code website. … Therefore we should not be affected. " OnePlus holder statements in their official forums.
Regarding the credit card payments page on OnePlus official website, there we find the option of "save this card for future purchases. " Here the brand states that this data is managed by servers other than OnePlus.
Credit card payments have been disabled
It should be noted that we have not yet had any confirmation that there has been a security breach. If you are concerned about the security of payments on the OnePlus official website use PayPal.
If you are concerned about possible misuse of your credit card after making payments or transactions on the OnePlus website then contact your bank immediately.
Be aware of any suspicious movements or payments made from your credit cards. This way you can prevent any unlawful and / or fraudulent situation.
Relevant subjects at EBox:
Hobby: Don't waste time and win an Apple iPad Air
OnePlus reaches new milestone and reveals plans for 2018
Samsung Galaxy S9 – variable camera aperture, do you know what it is?
Source | Via