Chinese smartphone company OnePlus was hacked and up to 40,000 customers had credit card info stolen

OnePlus today confirmed thieves stole tens of thousands of people’s credit card numbers from its online store. The Chinese smartphone company admitted after a week of investigation that about 40,000 of its customers had their payment card details were taken while buying stuff from its web shop. In a blog post on its website, OnePlus apologized for the incident. “We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users,” OnePlus said.

The company went on to explain that, “one of its systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered. The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures.”

The affected users are those who entered their credit card info on oneplus.net between mid-November 2017 and January 11, 2018.
Credit card info (card numbers, expiry dates and security codes) entered at oneplus.net during this period may be compromised. The company said that users who paid via a saved credit card should not be affected. Users who paid via the “Credit Card via PayPal” method are also not affected. The company has since contacted potentially affected users via email. The company recommends that customers check their card statements and report any charges they don’t recognize to their bank. The company also promised  to help initiate a chargeback and prevent any financial loss.

“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down. We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future,” the company said.