OnePlus had admitted that the payment system on oneplus.net had been compromised for about two months. The company said that malware was injected into the payment server, and had captured payment details from people who had entered their information between November 2017 and January 11, 2018.
The malware itself wasn’t capable of accessing stored payment information, leaving most of OnePlus’ customer safe from the attack. However, over 40,000 customers are said to have been affected.
Reports of suspicious credit card activity after buying from the OnePlus online store surfaced last week; with a number of customers sharing information over the official forum. OnePlus subsequently shut down its payment system for investigation, and found that one of its servers contained malware.
The danger of using the OnePlus online store has passed, and the company has thanked its customers for raising the issue over the forums. It’s currently contacting those that it believes have been affected by the episode.
[Source: OnePlus forum]