OnePlus has revealed 40,000 customers have had their credit card information stolen as a result of the startling security breach, which is even worse than previously feared.
In a post on its community forums, the firm said it “cannot apologize enough for letting something like this happen,” after some customers reported hundreds of pounds in fraudulent charges.
Startlingly, despite the recent discovery of the fraud, OnePlus says the issue goes as far back as mid-November.
OnePlus said all (and only) affected users have been emailed with the offer of one year’s credit monitoring in an effort to repair the damage.
Within the email, the Chinese company urged customers to check their accounts for unrecognised charges. It advises people to contact their banks to initiate chargebacks.
One victim spoke out on Twitter, posting the contents of the email:
In the blog post the company explained: “One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.”
The company said those who used saved credit card info to make payments on OnePlus.net shouldn’t be affected, nor should those who paid via PayPal.
“We are in contact with potentially affected customers,” the company wrote.
“We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.”
The company is rapidly expanding its footprint and is aiming to sign accords with US mobile carriers in 2018.
Incidents like this will likely shake confidence in the firm as it seeks join the smartphone elite this year.
Do you still have faith in OnePlus after the credit card hack? Drop us a line @TrustedReviews on Twitter.