If you bought a OnePlus smartphone recently, then you may want to check your bank account. In a shocking revelation, the Chinese smartphone manufacturer acknowledged on Friday that in November it had been breached by hackers who stole credit card information of as many as 40,000 of its customers.
OnePlus said in a forum post on Friday that the security breach was executed by injecting a malicious script into the payment page code, which allowed the attackers to see customer's credit card numbers, expiration dates and security codes, which is enough for a fraudulent purchase.
With the help of a third party security firm, OnePlus is investigating the matter. So far, OnePlus has discovered how the attack was targeted at its server. However, it still needs to investigate whether the malicious script was injected physically at the site or via remote access.
So if you made a purchase using a credit card on the OnePlus website between mid-November and January 11, it's better to check your credit card statements. OnePlus said those who used a saved credit card and "Credit Card via PayPal" were not being affected by the breach.
Meanwhile, OnePlus is reportedly offering credit monitoring to all the victims free of cost. The company is also cooperating with the law enforcement and data protection authorities to further investigate the breach across regions where it operates.
"We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed the community, and it pains us to let you down," OnePlus said.
"We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future," the company added.