OnePlus is at the center of a slowly brewing credit card fraud controversy, with many customers taking to forums and Reddit to discuss the issue. It seems several people have noticed that there have been fraudulent charges on their card after they bought a OnePlus phone via the company’s website.
One particular user bought 2 different OnePlus devices using 2 different credit cards. He says he received a notice informing him about suspected fraudulent activity, after which he verified that there were several transactions which he didn’t make. He then noticed that his other credit card went through the same ordeal.
Apparently, the only place he’s used both cards in the last 6 months was the OnePlus site. This has been echoed across many posts, so there does appear to be some kind of data breach among a small, but growing, number of users. The only factor which appears to link them is the handset maker.
OnePlus has now posted a FAQ document on the matter, acknowledging that several members of the OnePlus community reported cases of unknown credit card transactions after buying goods from its website. It’s currently in the midst of investigating the issue and is promising to keep users updated.
OnePlus also made a point to say that no one’s credit card information is stored on its site. All the relevant data is sent over an encrypted connection to its payment partner. The company further clarified that this has nothing to do with the Magento bug.
The OnePlus website was initially built on Magento, but has since moved on to custom code. The site as it stands today is HTTPS encrypted, which the brand says makes it difficult to intercept traffic and inject malicious code. It’s still conducting a complete audit to be on the safe side.