Several OnePlus customers have complained that their credit cards have been used for fraudulent transactions after purchases on the official website. More than 70 buyers are reported to have been affected in the past four months. OnePlus is investigating the matter and trying to figure out the reason behind this hack.
On Monday evening, OnePlus said in a blog post that it had begun an urgent investigation and clarified that the affected users “made credit card payments directly on oneplus.net.”
OnePlus puts the blame on banks and remarks that it is essential to check with the bank to resolve any suspicious charges. The Chinese company is not taking responsibility for any financial losses despite the loopholes in its own security.
Cybersecurity firm Fidus Information Security said that two issues are apparent in the matter: first, the website is not fully PCI compliant, and second, OnePlus has given a false statement that it does not handle card payments. According to Fidus Information Security, the company uses the Magento e-commerce platform, which is a common target for credit card hacking.
OnePlus, on the other hand, pays no heed to these concerns and says that credit card data is sent over an encrypted connection to its PCI-DSS-compliant payment processing partner, and that the payment processing takes place on the partner’s secure servers. However, it has not yet said a word about whether its own website is PCI-compliant.
The company acknowledges that the official website was built on the Magento platform, and adds that it is rebuilding the website with custom code. It also states that the credit card payments were not implemented on Magento’s payment module. Instead of giving a more reassuring answer concerning its security levels, it only says that it is not a very important matter to be affected.