Earlier this week, many people who shop at the OnePlus store reported they saw fraudulent transactions on their credit cards. At that time, the company said it was investigating the claims “as a matter of urgency.” It seems that these investigations have thrown some results on as OnePlus that credit card details may have been stolen from “up to 40,000 users” thanks to malicious code injected on their website.
“One of our systems was attacked, and malicious code was injected into the payment page code for credit card information as it was entered,” One Plus staff member told the company’s Web forums on Friday. “Malicious script runs intermittently, capturing and sending data directly from the user’s browser, and has since been eliminated.”
The company said that only users who entered credit card details again on the site “between mid-November 2017 and 11 January 2018” are likely to be affected. If you pay using the saved credit card details or finish your payment using “credit card by PayPal,” or by direct Paypal, you should not be affected, the company added.
“We can not apologize enough to let something like this happen, and we are eternally grateful to have such a vigilant and enlightened community, and it bothers us to let you down.”
OnePlus added that it was contacting potential customers directly affected, “working with service providers and local authorities to better address this incident.”
If you enter your card information on the OnePlus website between mid-November 2017 and 11 January 2018, it might be a smart thought to ask for another card from your bank, regardless of whether you don’t perceive any fraudulent activity on your card Until now. If you see any charges on your statement that you do not know, contact your bank and initiate a chargeback.
Ikechukwu Onu is a writer, front-end dev, and digital junkie with a profound interest in all things tech. When not reviewing gadgets or apps, he enjoys contributing in groups and forums, tinkering with websites, and hanging out with friends.