Bad news for OnePlus mobile users. OnePlus has announced that up to 40,000 customers were affected by the security breach caused customers’ credit card information to be stolen while they were purchasing OnePlus products. Earlier this week, OnePlus has shut down credit card payments for its online store.
OnePlus realized this information as the result of an ongoing investigation with a third-party security agency into the security breach.
OnePlus says that the script that stole the data had been running on one of its payment processing servers since mid-November. The script was able to capture full credit card information, including card numbers, expiry dates, and security codes directly from a customer’s browser window. The company says it has determined where the exploit happened and has found the point of entry for the attacker, but the investigation remains ongoing. It’s not yet clear if the attack was done remotely, or if someone had physical access to the server to install the script.
OnePlus has posted more information about this breach on their forum.
Credit card payments will remain suspended on the OnePlus.net store until the investigation is complete, with customers able to purchase items through PayPal in the meantime. OnePlus says it is working to implement a more secure credit card payment method before it re-enables them.