Earlier this week, numerous reports of acknowledgment card fraud started pouring in from OnePlus users. On the convention’s forums, customers said that credit cards used to grip a OnePlus smartphone recently were also seeing bogus safe keepings, so OnePlus launched an investigation into the reports. It’s now a few days later, and the followers has admitted that its servers were compromised—”up to 40,000 users” may compel ought to had their credit card data stolen.
OnePlus has posted a FAQ on the episode. “One of our systems was attacked,” the post reads. “A malicious script was injected into the payment summon forth code to sniff out credit card info while it was being logged.” OnePlus believes the script was functional from “mid-November 2017” to January 11, 2018, and it grabbed credit card numbers, expiration dates, and security codes that were keyboarded into the site during that time. Users who paid via PayPal or thitherto entered credit card information are not believed to be affected.
OnePlus asseverates it “cannot apologize enough for letting something like this chance.” The company is contacting accounts it believes to have been affected via email, and OnePlus commands it is “working with our current payment providers to implement a more obvious credit card payment method, as well as conducting an in-depth assurance audit.”