Earlier this week, OnePlus confirmed that it was looking into reports that some of its customers had suspicious credit card activity tied to the OnePlus online store.
Soon after, the company announced that it was disabling credit card payments on its website, as it continued to research the incident. OnePlus now says that up to 40,000 of its customers have indeed been affected by the credit card breach on their website.
“We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.”
OnePlus does a pretty decent job in letting people know what happened. The company confirms that there was an attack on its website and that a “malicious script was injected into the payment page code” which was designed to “sniff out” credit card information was it was entered on the site.
The company says that the malicious script has since been eliminated and that it has quarantined the infected server and reinforced all relevant system structures.
And here’s another important bit that pertains to those who might be affected:
Some users who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018, may be affected.
Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised.
Users who paid via a saved credit card should NOT be affected.
Users who paid via the “Credit Card via PayPal” method should NOT be affected.
Users who paid via PayPal should NOT be affected.
We have contacted potentially affected users via email.
OnePlus says that if you have purchased something from their online store to keep an eye out for any suspicious activity on your statements. If you see anything, report it to your banking establishment to work out a refund. And if you have any questions, you can contact OnePlus directly.
OnePlus is still working on the situation from every angle, especially with implementing a more secure online storefront in the future.