After several users of OnePlus smartphones complained about possible fraud attempts in which their bank cards were targeted, security firm Fidus found a vulnerability on the Chinese company's website. This would allow some hackers to get the data from the cards used to buy OnePlus phones and accessories.
So far, dozens of OnePlus smartphone users have written Reddit and company forums to attract attention on suspect activities in which their cards were involved. Some of them last bought something from OnePlus one year ago.
Fidus says the attacks are related to the e-commerce Magento platform used for transactions on the OnePlus site. This is not the first time this service is targeting cyber criminals.
The payment page is hosted on the company's website and temporarily stores the payment details entered by customers. These can be intercepted, according to Fidus: "There is a window before data is encrypted and sent to the payment processor, where it can be intercepted."
OnePlus has not yet made a statement in related to these incidents.