Data breaches are now commonplace, but that doesn’t make them any less serious. So when a number of users reported seeing suspicious activity on their credit cards after buying something from OnePlus’ online store, the company launched an investigation to find out what really happened. Now the results are in, and it’s not looking good. As many as 40,000 customers who bought something on OnePlus.com from mid-November of 2017 up until last week potentially had their credit card info stolen by hackers.
A statement from OnePlus on its community forums says, “One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.” The script intermittently captured data before sending it from users’ browser back to the hackers responsible for the attack.
OnePlus says it has now quarantined the infected server and reinforced all related security systems. The company also claims users who paid using saved credit card information or PayPal were not affected. The people potentially at risk are those who entered new credit card info between mid-November 2017 and 11th January 2018.
If you do fall into that category, OnePlus should have already reached out via email. According to Android Police, the company is now trying to find a way to provide those customers with one year of free credit monitoring.
While it’s unfortunate that a large number of OnePlus customers may have had their credit card info stolen, this is just one more company in the long list of names that have had their payment systems compromised. It might sound pessimistic, but nowadays you can’t really rely on vendors—big or small—to keep your data safe. What a drag.