The company has posted an FAQ document which reveals that only customers who made credit card payments on the site are affected, not those who used PayPal. And if you're anxious that your credit card might have been compromised, OnePlus recommends contacting your bank to monitor for and/or reverse any fraudulent payments.
We'll keep you updated as new info arrives. PCI-DSS, an acronym for Payment Card Industry Data Security Standard, it a set of 12 high-level point-of-sale requirements across six categories which companies must meet in order to achieve compliance. There's still no official statement from the firm, so we don't know exactly how many people might have had their credit card details stolen, but it doesn't appear to be a widespread issue.
Most of the customers who complained about fraudulent card activity used their cards on the OnePlus site within the past two months. However, OnePlus claims that the company has not been using the Magento's payment module since 2014.
Over the weekend, a customer claimed on the OnePlus forums that credit card fraud he experienced was connected to his OnePlus purchase.
OnePlus said that when you make a payment on their site, it is sent directly to a PCI-DDS-compliant payment processing partner and it is done so through an encrypted connection. In a blog post, OnePlus said it is investigating the matter, and says it is still trying to determine the cause behind this apparent hack. "Our website is HTTPS encrypted, so it's very hard to intercept traffic and inject malicious code, however we are conducting a complete audit", a spokesperson wrote on OnePlus's official forums. Few digits are sent to OnePlus for identification purposes plus a "token" - a string of symbols that represents the card. But they will not be able to decrypt the token so they can't access your credit card info. The company previously utilized the Magento e-commerce platform, which was attacked several years ago by a keylogger known as Magecart.
Credit card security is a concern for everyone who shops online - so, all of us - and making sure that those cards are protected is a top priority. "They will help you initiate a chargeback and prevent any financial loss", the statement continued. "We are working with our third-party providers and will update you on findings as they surface".