Just a few days ago, OnePlus gave us an update regarding suspicious credit card activity for customers who bought products from the company’s online store, stating that its investigating the issue and also shutting down credit card payments for its website. Today, the Chinese manufacturer confirmed on its official forums that as many as 40000 customers may have been impacted by the credit card security breach.
The company also notes that customers who’d used their credit cards to purcahse items on its online store between mid-Novemeber and last week might have their credit card details compromised.
OnePlus explains that the script that led to the credit card security breach had been active on its payment processing servers since mid-November. This casued customers’ credit card information to be stolen, including card numbers, expiry dates, as well as security codes directly through the customer’s browser window.
“The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated,” wrote OnePlus in the blog.
However, OnePlus also notes that customers who paid using a saved credit card, or made purchases via third party services such as PayPal have not been impacted.
The company has now suspended the use credit crad transactions on its online store until the matter is fully resolved. Though, in the meantime, customers can make purchases via PayPal. OnePlus says that it has sent out an email to all users who may have been affected by the breach, and has issued an apology to its cutsomers.
“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down,” wrote OnePlus in the forum post.
OnePlus advises affected users to check their credit card statements and report any unsual credit card activity to their bank to reverse the charges.