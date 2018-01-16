OnePlus said the company is investigating each report, though it did not give out the number of users that might be affected. OnePlus said the company is investigating each report, though it did not give out the number of users that might be affected.

OnePlus customers have taken to the company’s forum as well as Reddit to complain about fraudulent transactions on their credit card, which they used to buy products from the official OnePlus website. OnePlus, in a blog post, said the company “immediately began investigating as a matter of urgency” and this is an “ongoing investigation”. The company adds that it is working with third-party providers.

Over 70 people have so far posted in OnePlus ‘credit card fraud’ forum thread, which was started about a week ago. One of the users said he used two different business credit cards to place two orders, one of which was used for fraudulent charge of 50 euros. The orders were placed on January 9 and January 10, according to the user. Another user reported an attempted fraudulent transaction of 900 euros.

OnePlus said the company is investigating each report, though it did not give out the number of users that might be affected. Do note that the complainants seem to have made credit card payments directly on oneplus.net without involving third-party like PayPal.

“Payment fraud is a perennial concern with all online payments. If you notice suspicious charges in your card statement, contact your bank immediately so they can reverse the payment. Our website is HTTPS encrypted, so it’s very difficult to intercept traffic and inject malicious code, however we are conducting a complete audit,” reads OnePlus’ official statement. “If you suspect that your credit card info has been compromised, please check your card statement and contact your bank to resolve any suspicious charges. They will help you initiate a chargeback and prevent any financial loss.​”

Meanwhile, cyber security consulting firm Fidus Information Security alleged in a blog post that OnePlus currently uses the Magento eCommerce platform, which is a “common platform in which credit card hacking takes place”. However, OnePlus claims that the company has not been using the Magento’s payment module since 2014. Instead the user’s credit card information is sent to PCI-DSS-compliant payment for processing over an encrypted connection. The Chinese technology company assures that the user’s card info is never processed or saved on the company’s website.

