OnePlus Reports 40,000 Credit Cards Hacked in Data Breach

Today’s topics include OnePlus attackers stealing credit card data from 40,000 customers; Google, Amazon and Apple backing Microsoft in its email privacy Supreme Court case; Google rolling out an unlimited data plan for Project Fi wireless users; and the Zyklon malware making a comeback.

Mobile phone vendor OnePlus announced on Jan. 19 that it was the victim of a security breach that exposed credit card information of up to 40,000 customers. The admission comes three days after OnePlus announced that it was temporarily disabling credit card payments on its website, after online customers reported seeing unknown credit card charges.

The attack had been ongoing from mid-November 2017 until Jan. 11, OnePlus said. Credit card information including card numbers, expiration dates and security codes entered on the site may have been compromised by a malicious script, which captured data from end users' web browsers and sent it to the attacker.

OnePlus claims it has "quarantined the infected server and reinforced all relevant system structures."

Amazon, Apple and Google are among 288 signatories on 23 friend-of-the-court briefs filed on Jan. 18 in support of Microsoft in its email privacy case against the U.S. Department of Justice, which has made its way to the Supreme Court. Microsoft's lawyers will appear before the Supreme Court on Feb. 27, with a decision expected by June.

Microsoft is challenging the DOJ's efforts to obtain user emails stored in an Irish data center through a search warrant.

Microsoft President and Chief Legal Officer Brad Smith said that the DOJ's attempt to access a foreign user's emails is "a path that will [put] the privacy of U.S. citizens' emails at risk. If the U.S. government obtains the power to search and seize foreign citizens' private communications physically stored in other countries, it will invite other governments to do the same thing," he said.

Google last week rolled out an unlimited data plan for users of its Project Fi high-speed wireless service. With its new Bill Protection feature, Google now caps data usage charges at certain levels regardless of how much data is actually used.

For example, for a single user, Google will continue to charge $20 per month for unlimited voice calling and text messaging and $10 per gigabyte of data used. As usual, Google will only charge for data that is actually used, but under the new plan, the data charges will top off at 6GB. Any additional data used after the 6GB mark will be completely free and available at the same speed, according to Google.

Bill Protection will apply to data used both in the United States and overseas. Only when users exceed 15GB of data per month will they start experiencing slower speeds.

Security researchers at FireEye are warning that the Zyklon malware that targets vulnerabilities found in Microsoft Office is making a comeback. Attackers are preying on a recently discovered vulnerability in the productivity software suite to spread the modular malware, they said.

In addition to creating a backdoor that can be used for password harvesting and keylogging, the malware can conscript infected systems into a botnet that launches distributed denial-of-service attacks.

First spotted in the wild in early 2016, Zyklon has attracted renewed attention in recent days from security researchers. According to FireEye's assessment of the latest Zyklon malware campaign, attackers are focusing their efforts on financial services, insurance and telecommunications companies.