Up to 40,000 OnePlus customers may have had their credit card information stolen
It's been a rough few months for OnePlus. In addition to sending user data to outside servers (twice), the Chinese OEM announced that their merchant platform had been compromised earlier this week. Today, OnePlus gave an idea as to the full scope of the breach: up to 40,000 customers' credit card information may have been stolen.
Over the weekend of January 13th, some OnePlus customers starting posting reports of unknown transactions appearing on their credit cards they used to purchase items from OnePlus's website. After doing a bit of digging, the company discovered that their merchant platform had been compromised. The company did the right thing and immediately suspended any credit card purchases to contain the breach.
Unfortunately, it looks like quite a bit of damage had already been done. In a forum post made earlier today, OnePlus confirmed that their site had been attacked. Malicious code had been injected into their payment site which was then used to sniff out credit card information. OnePlus has stated that up to 40,000 users may be affected by this.
If you made a purchase on OnePlus.net anytime between November of 2017 and January 11 of 2018, your credit card information may have been compromised, including the 16-digit number, expiration dates, and the card's CSV code.
There is a small silver lining. If you had saved your credit card info from an earlier purchase, it's unlikely this attack affected you. Also, if you paid via PayPal (either through an account or a linked credit card), you should also be safe. OnePlus will also be contacting customers that may have been affected directly and are re-examining their payment process to tighten up security.
While a security breach is never good news, especially when it involves customers' financial information, OnePlus is being incredibly responsive to the problem. If you made a purchase on OnePlus's site, it is highly advised that you diligently track your bank accounts and credit cards. Report any unknown or suspicious activity to your bank or card provider (e.g., Mastercard, Visa) IMMEDIATELY.