Over the last week, OnePlus has been investigating a potential security breach after multiple customers reported fraudulent charges following purchases made on the company’s online store. After shutting down credit card payments several days ago, OnePlus has confirmed that there was, in fact, a malicious script that has stolen credit card information from up to 40,000 customers…

In a forum post published this morning, OnePlus has confirmed the security breach. According to the internal investigation, a malicious script was running on one of the company’s payment processing servers and was able to capture customer’s full credit card numbers, expiration dates, and security codes directly from the user’s browser window.

Thankfully, OnePlus states that customers who made purchases using a saved credit card, a credit card processed by PayPal, or through a PayPal account should not be affected.

OnePlus is still investigating if the malicious script was loaded onto its servers remotely or if someone had physical access to the machine. Either way, the company has been able to identify the exploit. But for now, OnePlus is still not accepting credit cards as a form of payment.

If you’re someone who has entered your credit card information into the OnePlus website for any reason over the last several months, make sure to monitor your account for fraudulent charges or look into cancelling your card. If you were one of the 40,000 people affected, OnePlus should be reaching out soon with a free year of credit monitoring.

Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Justin Duino

I’m a writer for 9to5Google with a background in IT and Android development. Follow me on Twitter to read my ramblings about tech and email me at justin@jaduino.com. Tips are always welcome.