Earlier this week, we told you that OnePlus had to stop accepting credit cards for purchases made on its website
. A security breach allowed customers' credit card information to be stolen while in the middle of completing a transaction online. According to the company, the breach was executed by a malicious script that had been running on one of its payment processing servers since the middle of November. With a third party security firm investigating the matter, OnePlus says that it has discovered how and where the attack was introduced to its server, although it doesn't know if it was installed physically at the site, or installed using remote access.
OnePlus says that as many as 40,000 of its customers were affected by the breach. This number was characterized by OnePlus as a "small subset" of its total customer count. The information stolen included credit card numbers, expiration dates and security codes. The malicious script sent this data directly from the customer's browser, and has since been eliminated, according to the company.
If you made a purchase on the OnePlus website using a credit card between the middle of November and January 11th, you should check your credit card statements for charges that you did not authorize. The company adds that those using a saved credit card, and those who paid with the "Credit Card via PayPal" option should not be affected. Information from PayPal cards were not part of the theft.
"We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.
We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future."-OnePlus
If you have more questions pertaining to the incident, OnePlus suggests that you head over to their support page by clicking on this link