OnePlus har i skrivende stund lukket ned for kreditkort-transaktioner på deres website.
Det sker efter at firmaet har opdaget, at kunder, der har handlet på websiten, har fået trukket penge på kortet fra ukendte kilder.
OnePlus modtog klager fra kunder, der alle har det til fælles, at de for nylig har handlet på deres website, og firmaet gik med det samme igang med at undersøge sagen. Efterhånden som undersøgelsen fandt sted, opdagede OnePlus, at det stod værre til end først antaget. Derfor har OnePlus nu lukket helt ned for kreditkort-transaktioner, indtil en løsning kan findes.
OnePlus har ikke har sagt noget om, hvorvidt de er blevet hacket, og at det er ad den vej, nogen har fået fingre i kundernes kreditkort-informationer.
3 sælger OnePlus-telefonerne i Danmark, men skulle du alligevel have købt noget på OnePlus-websiten i de seneste måneder, kan det være en god idé lige at tjekke dine kreditkort-transaktioner og se, om du kan genkende dem alle.
Opdatering
Mandag aften den 17. januar har OnePlus udsendt nedenstående meddelse på deres forum, ligesom de har lukket for betalinger med kreditkort. Man kan dog stadig betale med PayPal.
Fejlen skyldes åbenbart et sikkerhedshul i deres e-handelsplatform, og arbejder hårdt på at løse problemet.
Hi there, At OnePlus, we take information privacy extremely seriously. Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated. This FAQ document will be updated to address questions raised.
The reports have come from some customers who made credit card payments directly on oneplus.net (without involving a third party such as PayPal). We are investigating each report.
No. Your card info is never processed or saved on our website – it is sent directly to our PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on their secure servers.
If you checked the “save this card for future transactions” while making a payment, all this means is that our payment processing partner encrypted and securely stored your card info and sent us a few digits (for identification purposes; see image below), plus a “token” – a string of symbols that represents your card. This token is stored in our system, but it’s impossible for us to decrypt it and access your card info. Next time you make a payment at oneplus.net, this token will be recognized by our payment processing partner, who then fetches your original card info from their secure vault and uses it for payment processing.
Source: https://blog.sucuri.net/2015/04/impacts-of-a-hack-on-a-magento-ecommerce-website.html Oneplus.net was initially built on the Magento eCommerce platform. However, since 2014 we have been re-building the entire website with custom code, and credit card payments were never implemented in Magento’s payment module at all. So no, we shouldn’t be affected.
Payment fraud is a perennial concern with all online payments. If you notice suspicious charges in your card statement, contact your bank immediately so they can reverse the payment. Our website is HTTPS encrypted, so it’s very difficult to intercept traffic and inject malicious code, however we are conducting a complete audit.
If you suspect that your credit card info has been compromised, please check your card statement and contact your bank to resolve any suspicious charges. They will help you initiate a chargeback and prevent any financial loss.
This is an ongoing investigation. We are working with our third-party providers, and will update you on our findings as they surface. Information security is a very serious topic, and it has always been one of our top priorities. If you have any suggestions or comments, please send them to [email protected].
We would like to thank the community for bringing the issue to our notice. |