OnePlus notes that customers that are affected by the data breach include those that entered their credit card information on its website from mid-November 2017 to January 11, 2018. The Verge reports that the OnePlus credit card breach was able to capture full credit card information, which includes card numbers, expiration dates, and security codes just from entry into the browser window.
OnePlus says that the hack occurred thanks to a malicious script inserted into the OnePlus.net payment page code. The company says users who purchased items from its website between mid-November and January 11 stand at risk, though not if they used a credit card saved before that time or any of the PayPal-related payment options.
According to ZDNet, the cause of the breach was not immediately known. The company adds that those using a saved credit card, and those who paid with the "Credit Card via PayPal" option should not be affected.
Last week, we started hearing word of a potential security breach over at OnePlus.
It said the malicious script ran "intermittently" and has now been expunged from the affected server.
Pope marries flight attendants in mid-air wedding
Francis motioned for them to sit next to him for the photo and asked if they had been married in the church. "I said, 'Well, yes". The Associated Press reports that it was an impromptu wedding between two flight attendants on Chile's flagship carrier, LATAM.
It's unclear exactly when this attack took place and for how long OnePlus has been sitting on the information, but it told customers that it "launched an urgent investigation", as soon as it was made aware of the attack. Everyone else may want to verify their recent card statements and report any suspicious charges to their bank.
OnePlus is looking into providing a year of free credit monitoring for affected users.
"We can not apologise enough for letting something like this happen", wrote OnePlus in its update. OnePlus says that it has now quarantined the infected server and also eliminated that script. You can contact the OnePlus support team if you need further assistance.
OnePlus is already in the process of getting in touch with all the potentially affected customers, and is working with the local authorities to address the incident better.
Going forward, the OEM wants to avoid similar attacks by implementing a more secure credit card payment method, as well as conducting an in-depth security audit.