OnePlus, the latest entrant in the smartphone world has landed itself in a pool of trouble. OnePlus smartphone users who bought their smartphone from the OnePlus’ website using credit cards have reported unauthorised transactions with the credit cards details. After receiving multiple complaints, OnePlus has acted and did what was necessary. OnePlus has temporarily suspended the use of credit cards on its website. However, people who are interested in buying from the OnePlus website can use PayPal. On its forum, one of the members of the OnePlus team, Mingyu, wrote: “This is a serious issue and we are investigating around the clock. As a precaution, we are temporarily disabling credit card payments at oneplus.net. PayPal is still available, and we are exploring alternative secure payment options with our service providers. Thank you all for the kind words and support.”

OnePlus addressed the issue after users on OnePlus’ forums conducted a poll. The results of the poll found that users who bought from the OnePlus’ website registered an multiple unauthorized credit card transactions. According to the poll, at least 174 members said they had discovered transactions done from their cards after making a purchase from OnePlus.

In its blog post, OnePlus further wrote, “This is an ongoing investigation. We are working with our third-party providers and will update you on our findings as they surface. Information security is a very serious topic, and it has always been one of our top priorities.”

OnePlus said that the website is undergoing a complete audit in order to look for such potential faults. OnePlus advised its customers who are affected by fraud should contact their bank to initiate a chargeback.

Information security firm, Fidus, on its website, explained that how big issue can actually be. Fidus stated that OnePlus is using the Magento e-commerce platform, which ‘is a common platform for credit card hacking.’ Fidus also noted that OnePlus is currently making use of the CyberSource Magento add-on to check the process. Fidus on their website wrote that there were two potential avenues for the attack: 1) Malicious JavaScript was hosted on the OnePlus eCommerce website and has since been removed. Attempts were made to validate this theory using Archive.org, however, the payment page was not indexed. And 2) CyberSource themselves have been the victim of a cyber attack. If this statement is true, the issue is far bigger than expected.