Chinese budget smartphone manufacturer OnePlus announced on its support forum today, Jan. 19, that some customers who purchased phones through its website between the middle of November 2017 and Jan. 11 may have had their credit card information exposed to hackers.
The company said that up to 40,000 people may have had their card details leaked through a piece of malicious code injected into OnePlus’ payment page. It’s unclear what portion of OnePlus’ holiday sales this represents, but the company added that anyone who paid through a credit card already saved in its system, or who chose to pay through PayPal, were likely not affected.
OnePlus says it’s quarantined the affected server, and contacted those it believes may have been affected by the security breach. But if you bought a phone during that period and are concerned, the company suggests you contact it, and check with your bank to see if there are any charges you don’t recognize.
The company wasn’t immediately available to provide any further information on the security flaw, but did thank one of its forum members for initially spotting the bug a few days ago.