Earlier this week it leaked that it was possible that the OnePlus website had been hacked. The news originated after users who had bought from the brand's online store received strange charges on their credit cards. This has only happened with those users who paid with a credit card. A few days after the first information was made public, OnePlus has confirmed the hack.
The data that the company has published are worrying to say the least. Since there could be up to 40.000 users affected by the theft of data from the website.
As OnePlus itself has commented, a script was injected on the final purchase page. Thanks to the same intercepted users' credit card details. Therefore, it is a serious violation of the payment system of the website. It seems that said script has been around since November, when the OnePlus 5T was launched.
The only ones affected by this script in the payment system are users who paid with a credit card and they didn't have it saved. Because those who have paid with PayPal or have a saved credit card are not in danger. At least that's what the company has confirmed.
The company has commented that has already contacted all potentially affected users. The 40.000 users, although there may be users who have not received anything. Or others who have seen strange movements after buying on the OnePlus website. Therefore, the company asks users to contact them via support@oneplus.net.
They also thank the user community for being so well informed and taking action so quickly. It is certainly a serious security problem that OnePlus faces. Therefore, we hope that the company has taken the necessary measures to solve it. Although, there are still many unknowns in the air about the origin of this script.