21.4 C
New York
Thursday, May 13, 2021

Latest Posts

OxygenOS 5.0.1 is coming to OnePlus 5 with Android Oreo

Chinese technology OnePlus has just released a new system update (firmware) for its former high-end OnePlus...

Xiaomi: IoT products will be a major focus of the brand in 2021

Xiaomi is well known for its smartphones and this has already catapulted the company to the...

Samsung Galaxy A22: cheaper 5G smartphone makes the face (video)

Samsung started 2021 to launch new smartphones from the A line. And one of the next...

OnePlus no longer accepts credit card payments

OnePlus 5T OxygenOS Android Oreo Credit Card Payments
The brand is investigating what happened.

OnePlus may have been affected by a serious security breach in your payment portal. After we exposed here the case that raised suspicions of credit card fraud, the agency Fidus He believes the situation could be more serious than originally thought.

After several users came to Reddit, Twitter and OnePlus official forums to expose the situation, they all shared their experiences. In common they had reports of cases of credit card fraud. In recent months, after making payments or transactions on the OnePlus official website, your cards have been used without your knowledge for multiple purchases.

See also: 24 free apps on Google Play Store for your Android

It is not yet certain if OnePlus is to blame in this case. However, yesterday you posted a topic explaining how your payment system works in your official forum. They would also take the opportunity to announce a general investigation into the matter.

OnePlus Suspends Credit Card Payments

The conclusions of Fidus show us two possible scenarios. The first is that the payment portal used by OnePlus, CyberSource has been hacked, and your safety is compromised. The second scenario suggests that OnePlus itself has been hacked. Which one is true for now we don't know. It will all depend on the ongoing research.

In its defense, OnePlus claims that credit card payment processing does not occur on its website. " Your credit card information is never processed or stored on our website. It is sent directly to the PCI-DSS certified payment platform with which we have a partnership. This transmission is mediated by an encrypted connection. The payment is then processed on your secure servers. " Statements by a OnePlus spokesperson in their official forums.

"Our website is encrypted via HTTPS so it is very difficult to intercept any traffic and inject illegal code. However, we are conducting a thorough investigation, " adds this employee of the company.

OnePlus website has encryption HTTPS

However, OnePlus payment platform is hosted on its website. This tells us the Fidus Now a mobster with access to the page could inject some illicit code. Some JavaScript that was sucking some data from the site.

Researchers were unable to view and analyze the source code of the credit card payment portal as crawlers had not indexed it. However, and although they have not found evidence that we would be facing a JavaScript code injection, this hypothesis is taken as possible.

Research is ongoing, OnePlus wants to get to the heart of the matter

Researchers further suggest that the OnePlus payments page does not meet the requirements of the PCI-DSS standard of UK Cards Association contrary to what the company claims.

Note that PCI-DSS is an acronym for Payment Ward Industry Dlace security sstandard. In other words, the security standard for card payments. Assesses a total of 12 points or requirements in a total of 6 categories that companies must fulfill to receive this certification.

THE Fidus It also placed some emphasis on the possibility that OnePlus was the victim of a serious security breach. The danger goes beyond credit card fraud if this happens. At stake would be the plugin Magento eCommerce from CyberSpace. The great vulnerability of this plugin consists of the file cc.php. File used to store the user's credit card details.

Proposed scheme for access to credit card data

OnePlus Fraud Credit Cards 1 Cards
One of the possibilities under investigation that could explain the cases of credit card fraud

Magento has been the victim of several attacks over the past few years, one of which has left more than 200,000 stores and shopping platforms vulnerable to an attack.

Once again, OnePlus states that it has never used the plugin Magento to process payments by credit cards. "OnePlus.net was initially set up to use the Magento eCommerce platform. However, since 2014 we have been rebuilding our entire original and custom code website. … Therefore we should not be affected. " OnePlus holder statements in their official forums.

Regarding the credit card payments page on OnePlus official website, there we find the option of "save this card for future purchases. " Here the brand states that this data is managed by servers other than OnePlus.

Credit card payments have been disabled

OnePlus Credit Cards Payments
Credit card payments have been disabled

It should be noted that we have not yet had any confirmation that there has been a security breach. If you are concerned about the security of payments on the OnePlus official website use PayPal.

If you are concerned about possible misuse of your credit card after making payments or transactions on the OnePlus website then contact your bank immediately.

Be aware of any suspicious movements or payments made from your credit cards. This way you can prevent any unlawful and / or fraudulent situation.

Relevant subjects at EBox:

Hobby: Don't waste time and win an Apple iPad Air

OnePlus reaches new milestone and reveals plans for 2018

Samsung Galaxy S9 – variable camera aperture, do you know what it is?

Source | Via

IPVanish Best VPN For IPTV & Kodi 2019! Stop Letting Your Internet Service Provider Track & Record Your Online Activity. Find Out More Get a License You may also like Did you miss this?

Latest Posts

Huawei P50: new renders highlight your camera

The latest rumors suggest that the Huawei P50 line will be unveiled on June 17. ...

WhatsApp will give even more privacy to your data with this novelty

The WABetaInfo account is back with another very interesting information about the future of WhatsApp. ...

Asus ZenFone 8 are official! Top-of-the-range compact and focus on photography

As promised, Asus today unveiled its new line of Android range tops. They are the...

Change the background of your Xbox Series X for the mythical of the original Xbox

What are dynamic funds? Unlike the traditional wallpapers that we found so far on Xbox One, the dynamic backgrounds They are moving wallpapers. If...

Don't Miss

Samsung One UI 2.5 on the way! See if your equipment is on the list

One UI 2.5 is the latest version of Samsung's Android customization. This interface immediately identifies Samsung...

Smart shoes: the connected future on your feet

Smart Sneakers, the boom of the future? Despite the popularity of sneakers today (which goes beyond sports performance and transcends fashion), the world of "smart...

35 Free Apps on Google Play Store for your Android

From icon packs, Themes, Useful Tools and of course, various games for your Android! There are...

Google Photos and its new subscription printing service, just not a good idea

Google Photos, from the cloud to your home Google photo printing is nothing new. A matter of a couple of years ago they began offering...

This Wandavision theory is both fascinating and painful.

Scarlet Witch and Vision, the big surprise of the season Wandavision is the first in a new slate of original TV series to be released...