OnePlus has confirmed that it has been attacked and that up to 40,000 customers may have had their credit card details stolen.
This comes hot on the heels of when the company launched an investigation to look into users' reports that there have been fraudulent charges on their accounts after completing purchases on oneplus.net, the company's online shop.
How To Know If You're Affected
According to OnePlus' Jan. 19 update, it sent out an email only to those who are "potentially affected." Needless to say, that means you should be A-OK if you haven't received one.
It should be noted that customers who made purchases on oneplus.net using credit cards between mid-November and Jan. 11, 2018 are the only ones at risk here.
For good measure, it's recommended to check your credit card statement and look for any discrepancy, even if you're not one of them and regardless of whether or not you received an email from OnePlus.
Those who have any concern regarding the matter are advised to contact the OnePlus support team, and those who may have spotted any system vulnerabilities are encouraged to forward their findings to firstname.lastname@example.org.
Who Aren't Affected By The Credit Card Breach?
For a bit of good news, OnePlus says that those who paid using a saved credit card, the Credit Card via PayPal method, and PayPal shouldn't be affected by this.
The Breach: How Did It Happen?
OnePlus explains that this all started when one of its servers were hit and a malicious script was loaded into the oneplus.net page where payments are processed, which led to the company disabling the credit card payment method.
This allowed the culprits to steal customers' credit card numbers, expiration dates, and security codes.
"We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future," OnePlus says.
Now it's still unclear how the malicious code was injected into its system, whether it was remotely or physically, but the important thing is that it's already been identified and that measures are being taken to prevent such an attack from happening again.
For the record, the company has already removed the malicious script and isolated the infected server.
This isn't the first time that OnePlus had a run-in with hackers. Back in November, it's been found out that hackers can take control of select OnePlus phones because of a root backdoor the smartphone maker hadn't removed.
With all said and done, have you noticed any fraudulent charges on your account after purchasing from oneplus.net? If so, feel free to hit us up in our comments section below and let us know.