OnePlus has been in a lot of troubles recently and now it has landed itself into another one — credit card breach. After investigating the reported issue, OnePlus has confirmed that up to 40,000 customers have been affected by a credit card breach.
This development comes a few days after OnePlus shut down credit card processing on its online store following complaints from customers about fraudulent charges landing on their cards after they bought products through OnePlus’s online store.
The China-based company says that one of their systems were hacked and a malicious script was injected into the payment page code to sniff out credit card data while it was being entered. This malicious script operated intermediately and would send data directly from the user’s browser.
OnePlus claim that they have now isolated the infected server and reinforced all relevant security measures. Further, the company said, “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”
The affected users entered their card information on OnePlus’s store between November and January. According to the company, the customers who made purchases with a saved card “should not” be affected and the same goes for those who paid with PayPal or credit card via PayPal.
The company’s investigation is continuing and it is now working with local law enforcement. OnePlus has also said that it is conducting a security audit and “working to implement a more secure credit card payment method.”
This credit card breach incident came to light when several users on OnePlus Forum reported that their credit card details have been leaked after making purchase on OnePlus.net. They added that the unknown culprit has been on the loose, trying to spend tons of their money on coupons, random betting sites, and other such quick-to-cash-out places.