Cyber security firm Fidus recently discovered that popular Chinese smartphone company OnePlus was one of the latest victims of a major hacking set up. A large group of OnePlus users complained about suspicious activity on their credit cards, voicing their concerns on OnePlus forums and Reddit.

Fidus initially investigated OnePlus when a forum post published by a OnePlus customer described their concerns. Two of of their credit cards had been compromised, with OnePlus being the only link between the cards. They found that the Magento-hosted OnePlus website used a payment gateway that was hosted on-site, exposing them to potential attacks.

At the time of the investigation, OnePlus halted on-site payments, but continued to accept Paypal payments.

OnePlus Confirms Speculation

As of last week, OnePlus hadn’t officially confirmed that they were hacked, but stated that they were investigating the claims made by many of its customers. Over the weekend, however, they confirmed the hack of their site.

As suspected, a malicious code was inserted into the website’s payment gateway. OnePlus sent emails to the 40,000 customers they believe may have been affected by the hack.

OnePlus released a statement on its forum, saying, “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”

The Danger of On-Site Payment Processing

OnePlus is a solid example of what can happen when you don’t choose the right payment gateway and/or don’t follow best safety practices for online purchasing. When a payment gateway is hosted on-site, it can lead to many problems. Every bit of data entered flows through the host site for just a moment–however fleeting–and during that moment, the data can be intercepted by a hacker. Upon submission, it’s sent to a third-party payment processor, but that small window of opportunity can capture sensitive information, like credit card details.

Choosing the right payment gateway and setup can help secure businesses and customers. These payment processors are in charge of taking care of all the tricky details behind payment submission forms, ensuring safety across the board. They help webmasters better meet standards for data security online and handle all encryption needs.

Different types of payment gateways are equipped with different features, such as the ability to accept multiple payment types and integrate with various platforms. Issues arise when business owners fail to understand how different gateways work, and where safety can be compromised.

The Magento Vulnerability

Using Magento, as opposed to another ecommerce platform like WooCommerce or Shopify, has a track record of opening up webmasters to vulnerabilities. According to one blog post published by Scuri, “As with most Magento sites, this site had a checkout form that requests customers’ credit card details. Behind the scenes, Magento encrypts this data and saves it or sends it to a payment gateway to complete the transaction.”

This means that during the fleeting moment described earlier, Magento is in charge of handling security, rather than the payment processor, which can create issues as demonstrated by OnePlus.

Negative Effects

A hack on your website can have disastrous consequences. The United States National Security Alliance found that 60% of small businesses that fall victim to an online attack are out of business within six months. On average, they’ll have to pay nearly $700,000 to clean up a hack mess. This is exactly what happened to Efficient Services Escrow Group when a hack siphoned over $1 million from the company’s escrow accounts to China.

It can also cost you your business reputation. Businesses that fail to keep customers safe will suffer in terms of revenue. Existing customers will think twice before making a purchase again, and potential customers will likely move on to your competitors and spare the chances.

A good reputation is such a reliable determination of a business’s products and services because it’s the one thing that no business–no matter how profitable–can purchase. Surveys and studies reflect the power of positive reputation, which is critical for operations. Your business reputation affects all aspects of your end-to-end funnel. It follows everywhere you go and everything you do: this means, not only does it affect your target audience, but facilitates growth across all your business relationships.


  1. Pretty nice post. I just stumbled upon your blog and wanted to say that I have truly loved browsing your weblog posts. After all I’ll be subscribing in your feed and I’m hoping you write again soon!|

  2. Hi would you mind letting me know which webhost you’re utilizing? I’ve loaded your blog in 3 different web browsers and I must say this blog loads a lot faster then most. Can you recommend a good internet hosting provider at a honest price? Cheers, I appreciate it!|

  3. Do you mind if I quote a couple of your posts as long as I provide credit and sources back to your blog? My website is in the very same area of interest as yours and my users would definitely benefit from some of the information you provide here. Please let me know if this ok with you. Many thanks!|

  4. Great post. I used to be checking constantly this blog and I am impressed! Very helpful information specially the last section 🙂 I handle such info much. I used to be looking for this certain info for a very lengthy time. Thanks and good luck. |

  5. Thanks for your marvelous posting! I truly enjoyed reading it, you could be a great author.I will be sure to bookmark your blog and may come back in the foreseeable future. I want to encourage you to definitely continue your great job, have a nice weekend!|

  6. Thanks for ones marvelous posting! I seriously enjoyed reading it, you will be a great author. I will make sure to bookmark your blog and will often come back down the road. I want to encourage continue your great posts, have a nice day!|

  7. Right away I am going to do my breakfast, after having my breakfast coming yet again to read further news.|

  8. Simply want to say your article is as astonishing.
    The clearness in your post is just excellent and i can assume
    you are an expert on this subject. Well with your permission let me to grab your feed to keep updated with forthcoming post.
    Thanks a million and please keep up the enjoyable work.

  9. Hey there I am so delighted I found your website, I really found you by mistake, while I was looking on Askjeeve for something else, Anyways I am here now and would just like to say thank you for a marvelous post and a all round entertaining blog (I also love the theme/design), I don’t have time to read it all at the moment but I have saved it and also added in your RSS feeds, so when I have time I will be back to read much more, Please do keep up the fantastic jo.|

  10. Does your blog have a contact page? I’m having trouble locating it but, I’d like to send you an e-mail. I’ve got some creative ideas for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it expand over time.|

  11. Ahaa, its pleasant dialogue regarding this post at this place at this webpage, I have read all that, so now me also commenting at this place.

  12. Hi are using Wordpress for your site platform? I’m new to the blog world but I’m trying to get started and create my own. Do you require any html coding knowledge to make your own blog? Any help would be greatly appreciated!|

  13. Everything published made a lot of sense. But, what about this? what if you typed a catchier title? I ain’t saying your information isn’t solid, however suppose you added a post title that makes people want more? I mean BLOG_TITLE is kinda plain. You could glance at Yahoo’s home page and watch how they write article headlines to get people interested. You might try adding a video or a related picture or two to get readers excited about everything’ve got to say. In my opinion, it would make your posts a little livelier.|

  14. It’s not the amount of testosterone or DHT that causes baldness; it’s the sensitivity of your hair follicles.

  15. Howdy! Do you use Twitter? I’d like to follow you if that would be ok. I’m definitely enjoying your blog and look forward to new posts.

  16. I always used to read post in news papers but now as I am a user of web
    thus from now I am using net for posts, thanks to web.

  17. Hi to every one, as I am really keen of reading this web
    site’s post to be updated regularly. It consists of fastidious material.

  18. After I initially commented I seem to have clicked on the -Notify me when new comments are added- checkbox and from now
    on each time a comment is added I receive four emails with the exact same comment.
    Is there a way you can remove me from that service? Thanks!

  19. Thanks for ones marvelous posting! I actually enjoyed reading it,
    you happen to be a great author. I will be sure to bookmark your blog and definitely will come back later in life.
    I want to encourage that you continue your great job, have a nice

  20. I am curious to find out what blog platform you happen to be using?
    I’m having some small security problems with my latest site and I would
    like to find something more secure. Do you have
    any suggestions?

  21. Greetings from Idaho! I’m bored at work so I decided to check out your blog
    on my iphone during lunch break. I really like the knowledge you present here and can’t
    wait to take a look when I get home. I’m shocked at
    how quick your blog loaded on my phone .. I’m not even using WIFI, just
    3G .. Anyways, amazing site!

  22. This paragraph will assist the internet visitors for building
    up new blog or even a blog from start to end.

  23. Why people still use to read news papers when in this technological globe all is
    existing on net?

  24. What i do not realize is in fact how you are now not really much more well-appreciated than you may be now.
    You are so intelligent. You realize thus considerably in the case of this matter, produced me individually consider it from a lot of
    various angles. Its like women and men aren’t interested except it’s one thing to do with Woman gaga!
    Your own stuffs outstanding. At all times deal with it up!

  25. I’m curious to find out what blog system you are utilizing? I’m experiencing some minor security issues with my latest site and I would like to find something more secure. Do you have any suggestions?

  26. 209059 466185yourselfm as burning with excitement along accumulative concentrating. alter ego was rather apocalyptic by the mated ethical self went up to. It is punk up to closed ego dispirited. All respecting those topics are movables her should discover no finish touching unpronounced. Thanks so significantly! 950559


Please enter your comment!
Please enter your name here