On Monday, January 15, OnePlus announced on its forums that some customers had reported fraudulent activity on credit and debit cards used for purchases on oneplus.net. It was unclear at the time how many people had been affected or what caused this in the first place, and just a day later, OnePlus removed the option to make payments with a credit/debit card from its site.
A few days later on January 19, OnePlus issued another update on its forums to confirm that this fraudulent activity was a result of a security breach that affected up to 40,000 users.
How in the world did this happen? According to OnePlus, a malicious script was added to the payment code of its site and sniffed out credit/debit card information as customers entered it. The script has since been eliminated, but it was active between mid-November of 2017 and January 11, 2018.
Thankfully, there are some caveats in regards to who's been affected. Per OnePlus:
- Users who paid via a saved credit card should NOT be affected
- Users who paid via the "Credit Card via PayPal" method should NOT be affected
- Users who paid via PayPal should NOT be affected
OnePlus says that it's in contact with customers that have fallen victim to this attack and that it's working with its payment processor and providers to ensure that something like this doesn't happen again. If you're unsure whether or not your card information has been compromised, keep an eye on your transaction history to confirm that any payments being made are ones you've authorized. If you want to be extra precautious (which we almost encourage in a case like this), it's not a bad idea to contact your bank, cancel your current card, and get a new one.
Even though I already asked you this question, does this new information impact your decision to do business with OnePlus in the future?
We may earn a commission for purchases using our links. Learn more.