If you gave your credit card number to OnePlus sometime between mid-November and last week, your card may have been comprised. The smartphone maker confirmed this morning through its online forum that upwards of 40,000 customers may have had their numbers exposed to hackers.
“Only a small subset of our customers is affected,” a spokesperson for the company told TechCrunch. OnePlus has sent out emails to users it believes may have been impacted after a malicious code was inserted into the company’s payment page, designed to sniff out credit card numbers.
“The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated,” a spokesperson wrote in the forum post. The company adds that it’s since taken action, by quarantining the affected server and putting additional safeguards in place.
The company disabled credit card transactions a few days back, after customers began noticing fraudulent charges on their account. It did, however, continue payments made through Paypal, which appear to not have been impacted by the hack. Customers using a card number entered prior to the aforementioned timeline also appear not to have been impacted by all of this. Card payments are currently still disabled on the site.
OnePlus credits its tight knit community in helping bring the issue to light. “We cannot apologize enough for letting something like this happen,” the spokesperson writes. “We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”
OnePlus’ fanbase has remained fairly loyal to the company, in spite of a handful of very bumbles during the company’s short history. As The Verge notes, the company is also looking to make an aggressive push into the U.S. through carrier deals and doesn’t believe this latest issue will have much of a direct impact on its chances.