OnePlus Website's Payment System Got Hacked And Customers' Credit Card Info Compromised
Did you purchase a OnePlus mobile from its website? Then your credit card info might have been compromised!
Cybersecurity firm Fidus discovered the vulnerability and explained:
“We stepped through the payment process on the OnePlus website to have a look what was going on. Interestingly enough, the payment page which requests the customer’s card details is hosted ON-SITE,” the post reads. “This means all payment details entered, albeit briefly, flow through the OnePlus website and can be intercepted by an attacker.”
“While the payment details are sent off to a third-party provider upon form submission, there is a window in which malicious code is able to siphon credit card details before the data is encrypted,”
OnePlus gave a statement in its forum: “We take information privacy extremely seriously. Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated.”
OnePlus clarifies that credit card info is never processed or saved on its website; it is sent directly to its PCI-DSS-compliant payment processing partner over an encrypted connection, and processed on the partner's secure servers.
How to Protect?
The safest option to prevent credit card fraud is to use an OFF-SITE payment processor, or a processor who offers iFrame integration with checkout pages. Third-party payment providers have created PCI compliant sandboxes for the very purpose of securely taking card payments; utilise them.
It is worth noting that whilst iFrame integration is a safer option than hosting the payment pages yourselves, it is vulnerable to JavaScript attacks. iFrame integration does however combat malicious code within Magento source code, such as Cc.php.
However, a OnePlus official stated, “This matter is under investigation and we are working with our third-party providers to update you on this matter as soon as we find anything.”
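To check which of the integration styles described above a checkout page actually uses, the following added example (not code from Fidus or OnePlus) parses a page's HTML and reports whether card fields sit in the merchant's own document or inside a cross-origin iframe, together with every script loaded by the parent page. The hosts shop.example and psp.example, the field-name heuristics and the sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics (assumptions): HTML autocomplete tokens for card data, plus common field names.
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}
CARD_NAME = re.compile(r"card|cc[-_]?num|cvv|cvc", re.I)

class CheckoutAudit(HTMLParser):
    """Records what sits in the merchant's own checkout document."""
    def __init__(self, page_url):
        super().__init__()
        self.host = urlparse(page_url).hostname
        self.card_inputs, self.iframes, self.scripts = [], [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input":
            label = a.get("name") or a.get("id") or ""
            tokens = set(a.get("autocomplete", "").lower().split())
            if tokens & CARD_TOKENS or CARD_NAME.search(label):
                self.card_inputs.append(label or "(unnamed)")
        elif tag == "iframe":
            # Hostname comparison is a simplification of the same-origin check.
            host = urlparse(a.get("src", "")).hostname
            if host and host != self.host:
                self.iframes.append(host)
        elif tag == "script":
            self.scripts.append(a.get("src") or "inline")

def audit(page_url, html):
    p = CheckoutAudit(page_url)
    p.feed(html)
    if p.card_inputs:
        mode = "on-site"   # card data is in the merchant DOM before it is submitted
    elif p.iframes:
        mode = "iframe"    # assumed to be the provider's hosted card fields
    else:
        mode = "off-site-or-unknown"
    # parent_scripts: code that runs in the merchant page and needs review either way
    return {"mode": mode, "card_inputs": p.card_inputs,
            "iframes": p.iframes, "parent_scripts": p.scripts}

# Constructed sample pages (shop.example and psp.example are placeholders).
ONSITE = ('<form action="https://psp.example/charge" method="post">'
          '<input name="card_number" autocomplete="cc-number"><input name="cvv"></form>'
          '<script src="/js/checkout.js"></script><script src="https://cdn.example/a.js"></script>')
IFRAME = '<iframe src="https://psp.example/hosted-fields"></iframe><script src="/js/checkout.js"></script>'
```

A result of "on-site" means every entry in parent_scripts runs in the same document as the card fields; "iframe" moves the fields out of that document, but the parent scripts still control the page that embeds the frame.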