Things aren’t looking so hot for approximately 40,000 OnePlus customers. And no, not because they’ll probably have to wait until June to upgrade to the OnePlus 6.
It turns out that the company’s website was hacked, and in the process credit card numbers and other payment information was likely stolen.
According to a statement issued by the Chinese smartphone manufacturer, “a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.”
What this means in practice is that, from roughly mid November of 2017 to January 11, 2018, any customer who put their credit card into OnePlus.net could have had it lifted by hackers. Some customers are already reporting fraudulent charges.
“The malicious script operated intermittently, capturing and sending data directly from the user’s browser,” the company said in a statement. “It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures.”
OnePlus emailed the customers it believes might have been affected, and noted that both card expiration dates and security codes could also have been stolen.
Security researchers at Fidus Information Security looked into the breach, and what they found doesn’t look so good for OnePlus. According to a Fidus blogpost, “OnePlus do not appear to be PCI compliant, nor do they mention this anywhere on the website.”
Why does this matter? PCI is short for Payment Card Industry Data Security Standard, and, according to the PCI Security Standards Council, the standards are “the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.”
In other words, according to Fidus, OnePlus may not have been taking basic steps to protect its customers data. Like we said, not looking good.
So, what can you do if you got an email from OnePlus notifying you of the breach? Not much, unfortunately. OnePlus says you should check your bank statement for fraudulent charges, and reach out to the company for any “enquiries.”
OnePlus will also offer “one year of credit monitoring to affected customers,” according to a company spokesperson.
Somehow, for those who already had their credit cards stolen, we don’t imagine these measures will provide much solace.
This story has been updated to note that OnePlus is offering limited credit monitoring.
January 19, 2018 / Comments Off on Purchased a OnePlus phone? Yeah, your credit card might have been stolen.
If you gave your credit card number to OnePlus sometime between mid-November and last week, your card may have been comprised. The smartphone maker confirmed this morning through its online forum that upwards of 40,000 customers may have had their numbers exposed to hackers.
“Only a small subset of our customers is affected,” a spokesperson for the company told TechCrunch. OnePlus has sent out emails to users it believes may have been impacted after a malicious code was inserted into the company’s payment page, designed to sniff out credit card numbers.
“The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated,” a spokesperson wrote in the forum post. The company adds that it’s since taken action, by quarantining the affected server and putting additional safeguards in place.
The company disabled credit card transactions a few days back, after customers began noticing fraudulent charges on their account. It did, however, continue payments made through Paypal, which appear to not have been impacted by the hack. Customers using a card number entered prior to the aforementioned timeline also appear not to have been impacted by all of this. Card payments are currently still disabled on the site.
OnePlus credits its tight knit community in helping bring the issue to light. “We cannot apologize enough for letting something like this happen,” the spokesperson writes. “We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”
OnePlus’ fanbase has remained fairly loyal to the company, in spite of a handful of very bumbles during the company’s short history. As The Verge notes, the company is also looking to make an aggressive push into the U.S. through carrier deals and doesn’t believe this latest issue will have much of a direct impact on its chances.
January 19, 2018 / Comments Off on OnePlus confirms up to 40,000 customers were impacted by credit card hack
A significant number of OnePlus customers have reported suspicious activity on the credit cards they’d used to purchase a OnePlus phone.
According to this post on the company’s official forums, 73 customers who had purchased something from OnePlus using their credit card in the last two months have had fraudulent charges on their card.
“I purchased two phones with two different credit cards (…) Yesterday I was notified on one of the credit cards of suspected fraudulent activity, I logged onto credit card site and verified that there were several transactions that I did not make. I went through the process and switched accounts… no big deal. Today same thing with the other credit card,” wrote one customer.
“Same thing happened to me. Placed two orders with OnePlus on the 9th and 10th January 2018. I’ve used two different business credit cards, that I have not used for any other transaction in over a year. This morning (…) I received a call from my bank, asking me about a fraudulent charge of 50 £ on one of the cards,” wrote another.
On Monday, OnePlus posted an official update regarding the situation. The company is looking into the issue, which appears to be connected with direct credit card payments only and not PayPal purchases.
OnePlus claims it does not store credit card info on its website, and the payments are processed by their partner “over an encrypted connection, and processed on their secure servers.” Even if the customer had used the “save this card for future transactions” feature, complete card info still wasn’t stored on OnePlus’s website. Finally, the company also claims its website is not affected by the Magento bug.
OnePlus’ statement, while timely, does not really help its customers much, as it in no way identifies any actual issue that might have caused customers’ credit card info to be stolen. The company says it’s conducting a “complete audit” and will update the customers on its findings.
January 15, 2018 / Comments Off on OnePlus issues statement as some buyers complain of credit card fraud
Star Wars has had a strange smartphone history. The franchise was a no brainer for the Motorola Droid — Verizon actually had to license the name from Lucasfilm, so it follows that a few R2D2 handsets followed over the years. More recently, Sharp, of all companies, scored the rights in time for Rogue One.
With The Last Jedi a mere weeks away, it’s OnePlus’s time to shine, with a Star Wars-branded edition of the 5T, first spotted by The Verge. The Shenzhen-based company is another odd choice — it’s hardly a household name, after all. And the OnePlus 5T Star Wars Limited Edition name isn’t just marketing — at the moment, at least, it appears the phone is only going to be available in India, starting a day before The Last Jedi hits theaters there on December 15.
The 5T is a great budget phone, as we mentioned in our recent review, and it looks like the company hasn’t altered the design language too much to Star Wars it up. There’s a small logo on the rear of the device, and a matching red side button.
The accompanying video, which debuted at Bengaluru Comic Con, highlights the color theme, which obviously takes a cue from Kylo Ren’s lightsaber — part a likely overall Dark Side focus for the new film. There appears to be limited edition wallpaper on the device — and if past Star Wars phones are any indication, there will be other exclusive content on the phone to further the theme. But even if it doesn’t, again, the 5T is a solid phone, Star Wars or no.
TheOnePlus 5T Star Wars Limited Edition will be launched at a OnePlus event in Mumbai on December 14 at an event that features all sorts of other Star Wars swag. We’ve reached out to OnePlus to see if the company has plans to launch the phone elsewhere — though the nature of the license on this one might mean no availability for users far, far away.
December 4, 2017 / Comments Off on OnePlus celebrates ‘The Last Jedi’ with a limited edition Star Wars 5T
Never has there been a phone that has kept me up at night as much as the recently released OnePlus 5T.
As I wrote in my review, it’s a mighty fine Android phone. Correction: It’s mostly mighty fine, except for the cameras. They’re pretty weak and take average-looking photos. Though, an upcoming software update might improve things.
The 5T’s mediocre camera got me thinking really hard over the Thanksgiving weekend: “Would you rather have a phone with cheaper build-quality and midrange performance with a great camera or a premium phone with a camera that takes just average pictures?”
I think I’d pick the latter. The camera is now the most important feature to consider when buying a new phone and is something nobody should compromise on.
There is so much I love about the OnePlus 5T. Spec-for-spec, it holds its own against more expensive Android phones like the Galaxy Note 8 and LG V30, but at half the cost starting at a mere $499.
The 6-inch screen, while not the sharpest, is still very immersive for reading, watching videos, and playing games.
I’d go as far to say the 5T’s the smoothest and most responsive Android phone I’ve ever used (it crashes far less than the Pixel 2). Its thinness and lightness is everything a Galaxy Note 8 isn’t. The battery seems to last forever (up to two days) and Android runs the smoothest I’ve ever seen on a phone. I’m delighted that it has a headphone jack so that I can use my favorite headphones without a dongle.
It’s the full package, except for the cameras. They’re a real deal-breaker.
The camera is one of the most visible phone features that relies heavily on both the hardware and software in order to be great.
The physical camera hardware and its sensor — how big its micron pixel size is, how large its aperture is, etc., important as they are — isn’t the problem.
Companies like OnePlus boast all the time about how their phones use the best mobile camera sensors available. Any phone maker could contract Sony and ask to buy some camera sensors for their phones.
No, the problem is how the photographic data (the light that’s captured) that’s captured by the camera sensor is processed by the phone.
Each phone processes this photo data differently and that’s why image quality is all over the place on Android.
Companies like Apple and Samsung are huge and can dedicate massive amounts of resources — Apple’s reportedly got over 1,000+ people — to work on the cameras, but smaller guys like OnePlus just don’t have the manpower.
And that needs to change.
Now that virtually any company can go and buy off-the-shelf parts and build a metal phone with a big edge-to-edge screen, and the latest processor, and a huge battery, it’s more important than ever to invest in the camera software.
A camera that can’t quickly take sharp photos with accurate colors and wide dynamic range might as well not exist on a phone.
I’m singling out OnePlus because it hurts so much every time I use the 5T (and I’ve been using it non-stop for weeks) to take photos, but almost every Android phone maker is guilty of this.
Essential, Motorola, LG, Sony, Xiaomi, Huawei, etc. The list goes on and and on. All of these players make incredibly well-made premium phones, and yet their cameras are all pretty average. (Pay no attention to the super technical and often misleading about DxOMark scores.)
The Razer Phone, another new Android phone with arguably the best mobile display for entertainment and the best and loudest speakers, somehow didn’t prioritize the cameras at all.
Its camera is stripped down to the bare essentials (you can take a pic and record a video basically) and all of the regular features you’d expect in a phone with dual cameras (portrait mode, etc.) will be coming in a later software update in a few months according to company CEO Min-Liang Tan.
This lack of focus for the cameras is a disturbing trend that seems to be the reverse of what happened a few years ago when Android phone cameras were getting really good. And I blame it on the advent of dual cameras. Everyone’s got their own weird solution (wide lens + 2x telephoto, color lens + monochrome lens, wide lens + ultra-wide, etc.) that it’s basically reset the phone camera wars.
When every company under the sun can build a premium smartphone, what’s left? The software experience, for one thing. But the camera becomes a very key differentiator.
The camera is why when someone asks me what’s the best phone, I keep recommending an iPhone or a Galaxy phone, even though a phone like the 5T costs hundreds less.
I don’t need a more premium phone design. The majority of phones are all metal now (even the cheap ones).
I don’t need a bigger or better screen. They’ve been incredible for years. I don’t need a faster processor. iOS and Android, and all my apps are already smooth and fast enough.
I don’t need a bigger battery anymore, either. Many phones can last a full day easy, and some like my iPhone X and the 5T have enough juice to get me through the morning of the next.
Your phone’s camera should be great out of the box, not as an afterthought that’ll get fixed later. Give me a cheaper phone even with slightly less premium build quality with a killer camera and I’d be happier than a premium phone with a camera that takes potato photos.
After all, selfies make the world go round.
November 28, 2017 / Comments Off on I’d rather have cheaper phone with a great camera than a premium phone with a mediocre one