Reset the counter. The counter that counts the days since OnePlus’ last public relations disaster. Last week a OnePlus user reported that his credit card had been hack/misused and the only place it may have happened was the OnePlus website. Slowly more and more OnePlus customers reported in that they too had fell foul of credit card fraud. Today OnePlus has broken their silence over the issue after earlier halting all credit card sales on their website while they investigated the breach.
Via their forums they issued a statement, allowing users to comment and to their credit they responded to many comments.
Following are a few snippets of the statement:
We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.
One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.
The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated.
We have quarantined the infected server and reinforced all relevant system structures.
Some users who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, may be affected.
Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised.
We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.
We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.
The letter is being sent out ONLY to those who may be affected and has the following message:
It is unclear at this stage whether it has affected other OnePlus websites such as the Indian one (and I have not noticed any issues on my card….yet) but it has definitely affected the main OnePlus website. Those who paid with PayPal or used a credit card that was already saved on the website are not affected.
One Billion Dollars
In other news, this time good news for OnePlus, OnePlus have broken the billion-dollar sales mark and made a decent profit — something that should not be sneezed at in the modern smartphone world (HTC and LG are two companies who no doubt would be jealous of that). In an interview with the Telegraph in the UK OnePlus’ CEO Pete Lau had doubled its yearly revenue to more than $1.4bn (£1bn) leading to “healthy profits”.
Pete Lau went on to say that they will be more transparent with their revenues in the future to demonstrate how healthy the company is so their customers can have confidence that they are buying from a company that will be around for a long while.
At the end of this we have to remember that unfortunately credit card fraud is a real thing and can affect any company. It is unfortunate that it has affected a company that has had so much bad luck and bad publicity over the years. Even with this bad publicity they still sold a billion dollars of phones last year so they must be doing something right.
Luckily my credit card has not been affected (OnePlus India payment) and I am still happy to call the OnePlus 5T the current best value for money smartphone. Stay tuned for my review in the coming days.