Industry News

OnePlus hacked; credit card info of 40,000 customers compromised

Hackers attacked the web site of smartphone manufacturer OnePlus and compromised credit card information of up to 40,000 customers, the Shenzhen, China-based company has confirmed.

In a January 19 forum post, OnePlus reveals a malicious script was injected into its payment page code after hackers successfully penetrated one of its systems. The script ran intermittently but could sniff out credit card information as it was entered.

“We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at may be affected by the incident. We have sent out an email to all possibly affected users,” the company says.

“We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”

The phone maker reveals that had been under attack for an extended period – from mid-November 2017 to January 11, 2018. Credit card information (including card numbers, expiry dates and security codes) entered at during this time “may be compromised,” the company says.

Customers shopping with a “saved” credit card (i.e. who didn’t have to enter the information manually) should not be affected. The same applies to users who paid with “credit card via PayPal,” and users who paid with PayPal itself.

The threat has since been eliminated, and OnePlus has quarantined the infected server. The company is working with payment providers and local authorities to better understand how hackers infiltrated its systems. As it conducts its audit, OnePlus is also implementing “a more secure” credit card payment method.

In the meantime, customers who received OnePlus’s email about the hack are instructed to check their card statements and report any suspicious activity to their bank. Users who happen upon “potential system vulnerabilities” on the website are urged to report them to

About the author


Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.