OnePlus have suffer a leaked info of 40.000 user’s credits cards.
Attacker’s identity are unknowns at the moment, OnePlus are working each together with local authorities are investigating to identify them.
Incident was detected on January 11, 2018. The investigators reported the incident was working between mid-November 2017 and January 2018.
A malicious Script was injected on OnPlus payment page that allowed to sniffing info. The script affected to users who entered their credit card info, users who used others payment ways shouldn’t be affected.
From OnePlus have sent out an email to all possibly affected users. Their recommend to users who make a payment on OnePlus page to check the credit card statement and report any change you don’t recognize to your bank and OnePlus support team.
Temporarily OnePlus are disabling credit card payments and are working to improving security on payments.