At the beginning of the week, we first shared news with you about a potential security breach at OnePlus’ online store, where customer credit card information was potentially stolen. After investigating the matter, OnePlus has confirmed this morning that up to 40,000 customers were affected by a breach where credit card info was indeed stolen.
Here’s what you need to know:
- A malicious script was apparently injected into one of OnePlus’ servers and was capturing credit data before sending it off to the bad guys. OnePlus says that it has now quarantined the infected server and also eliminated that script.
- That script was capturing data between mid-November and January 11, 2018.
- If you entered in credit card info on OnePlus’ store during that time, there is a chance that your information was captured. OnePlus says they have reached out (or will soon) to customers they believe to have been affected.
- If you paid with an already-saved credit card on the OnePlus store during that time, you “should not be affected.”
- If you paid via PayPal and used a credit card, you should be fine.
- If you paid via PayPal in general, it sounds like you should be fine.
What’s happening now?
Again, OnePlus is contacting customers it believes were affected. If you bought anything from OnePlus during that time, though, and used a credit card, you should pay close attention to any transactions that come through. Also, if you see anything or have questions, you can contact OnePlus here.
Finally, OnePlus says that they are working with providers and local authorities to “better address the incident.” They are working with payment providers as well to “implement a more secure credit card payment method, as well as conducting an in-depth security audit.”
Have a nice Friday.