Up to 40,000 OnePlus customers may have had their credit card information stolen

Image: OnePlus (w/ edits by article author)
Image: OnePlus (w/ edits by article author)
The darling of the mobile phone enthusiast community is in hot water once again. Less than a week after it was discovered that OnePlus was sending user data to servers in China without permission, the Chinese OEM's merchant platform was compromised. OnePlus has just revealed the full scope of the attack: up to 40,000 users may have had their credit card information stolen.
Sam Medley,

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
German-English-Translator - Details here

It's been a rough few months for OnePlus. In addition to sending user data to outside servers (twice), the Chinese OEM announced that their merchant platform had been compromised earlier this week. Today, OnePlus gave an idea as to the full scope of the breach: up to 40,000 customers' credit card information may have been stolen.

Over the weekend of January 13th, some OnePlus customers starting posting reports of unknown transactions appearing on their credit cards they used to purchase items from OnePlus's website. After doing a bit of digging, the company discovered that their merchant platform had been compromised. The company did the right thing and immediately suspended any credit card purchases to contain the breach.

Unfortunately, it looks like quite a bit of damage had already been done. In a forum post made earlier today, OnePlus confirmed that their site had been attacked. Malicious code had been injected into their payment site which was then used to sniff out credit card information. OnePlus has stated that up to 40,000 users may be affected by this.

If you made a purchase on anytime between November of 2017 and January 11 of 2018, your credit card information may have been compromised, including the 16-digit number, expiration dates, and the card's CSV code.

There is a small silver lining. If you had saved your credit card info from an earlier purchase, it's unlikely this attack affected you. Also, if you paid via PayPal (either through an account or a linked credit card), you should also be safe. OnePlus will also be contacting customers that may have been affected directly and are re-examining their payment process to tighten up security.

While a security breach is never good news, especially when it involves customers' financial information, OnePlus is being incredibly responsive to the problem. If you made a purchase on OnePlus's site, it is highly advised that you diligently track your bank accounts and credit cards. Report any unknown or suspicious activity to your bank or card provider (e.g., Mastercard, Visa) IMMEDIATELY.


+ Show Press Release
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 01 > Up to 40,000 OnePlus customers may have had their credit card information stolen
Sam Medley, 2018-01-19 (Update: 2018-01-19)
Sam Medley
Sam Medley - Review Editor - @samuel_medley
I've been a "tech-head" my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a Systems Analyst for my local school district. I started working with Notebookcheck in October of 2016 and have enjoyed writing news articles and notebook reviews. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not hunched over an electronic device or writing code for a new database, I'm either outside with my family, playing a decade-old video game, or sitting behind a drum set.