OnePlus whoops
The hack of the day comes from OnePlus who have reportedly lost up to 40,000 users credit card information thanks to an exploit that went undiscovered for 2 months. If you've bought anything from OnePlus in the past couple months, you might want to check your statements and maybe get a new credit card. ArsTechnica has the story.
Earlier this week, numerous reports of credit card fraud started pouring in from OnePlus users. On the company's forums, customers said that credit cards used to purchase a OnePlus smartphone recently were also seeing bogus charges, so OnePlus launched an investigation into the reports. It's now a few days later, and the company has admitted that its servers were compromised—"up to 40,000 users" may have had their credit card data stolen.
OnePlus has posted a FAQ on the incident. "One of our systems was attacked," the post reads. "A malicious script was injected into the payment page code to sniff out credit card info while it was being entered." OnePlus believes the script was functional from "mid-November 2017" to January 11, 2018, and it captured credit card numbers, expiration dates, and security codes that were typed into the site during that time. Users who paid via PayPal or previously entered credit card information are not believed to be affected.