OnePlus admits that up to 40,000 accounts were affected by a credit card breach

Last week it emerged that OnePlus was conducting an investigation after a number of customers complained about fraudulent credit card charges. Now the company has given an update on the matter, saying that its website was attacked and a malicious script stealing credit card details was injected, affecting up to 40,000 people.

The company has issued an apology for the incident and says that it has contacted those it feels may have been directly affected. In a statement, OnePlus explains that over a two-month period, customers who entered their credit card details at oneplus.net may be at risk.

See also:

The malicious script that had been injected in the site has been removed, and OnePlus says that the server in question has been quarantined. At the moment it is not clear who may have been behind the attack, nor has the company given any hint at the financial impact it had on customers.

Here is the full statement from OnePlus:

Hi all,

We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.

  1. What happened

    One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.
  1. Who's affected
  1. What you can do
  1. What we are doing

We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.

We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.

A big thank you to our forum user @superdutynick for bringing this incident to our attention!

Sincerely,

The OnePlus Team

Image credit: Kazick / Shutterstock