As many as 40,000 OnePlus customers were affected by theft of credit card data

Earlier this week, we told you that OnePlus had to stop accepting credit cards for purchases made on its website. A security breach allowed customers' credit card information to be stolen while in the middle of completing a transaction online. According to the company, the breach was executed by a malicious script that had been running on one of its payment processing servers since the middle of November. With a third party security firm investigating the matter, OnePlus says that it has discovered how and where the attack was introduced to its server, although it doesn't know if it was installed physically at the site, or installed using remote access.

OnePlus says that as many as 40,000 of its customers were affected by the breach. This number was characterized by OnePlus as a "small subset" of its total customer count. The information stolen included credit card numbers, expiration dates and security codes. The malicious script sent this data directly from the customer's browser, and has since been eliminated, according to the company.

If you made a purchase on the OnePlus website using a credit card between the middle of November and January 11th, you should check your credit card statements for charges that you did not authorize. The company adds that those using a saved credit card, and those who paid with the "Credit Card via PayPal" option should not be affected. Information from PayPal cards were not part of the theft.


If you have more questions pertaining to the incident, OnePlus suggests that you head over to their support page by clicking on this link.

source: OnePlus

Holiday special: Iconic Phones is now 10% off!

Our new coffee table book, Iconic Phones, is a stunning visual tribute to the legends in the world of phones, featuring exclusive high-resolution photography, stories, quotes and fun trivia. Save 10% by using this code at checkout: XMAS10. Offer lasts until 1 January 2026.

Shop Now