OnePlus confirms credit card hack was active for two months, up to 40,000 users affected

Earlier this week it was reported that OnePlus might have a problem with securing credit card data, and then just a couple of days later, the smartphone maker disabled credit payments on its site after customers complained of fraudulent activity on their cards. Today, OnePlus has sent an email admitting that it the victim of a credit card hack that began just before the launch of the OnePlus 5T that may affect up to 40,000 customers.

The attack was accomplished via a malicious script placed in the payment code on its site that logged the numbers of the credit/debit cards as the customers typed them in. The malicious script was active from around mid-November to January 11, collecting details such as credit card numbers, expiration dates, and security (CVV) codes. Basically, the script collected everything necessary to make fraudulent purchases. OnePlus has said that customers who already had bank card details saved on the site or who used PayPal to pay for an order between mid-November and January 11 should not be affected by the attack. While OnePlus is performing a security audit, paying via PayPal would appear the only form of payment accepted on the OnePlus site for the foreseeable future.

If you placed an order on the OnePlus site between mid-November and January 11 and paid with a credit/debit card, it’s a good idea to get in touch with your card provider to get it canceled and a replacement sent out. Better safe than sorry, and all that.

OnePlus says that it has contacted affected customers via email and that it recommends checking bank statements for dodgy transactions. If is anything suspicious on your statement, get in touch with your bank to organize a chargeback. If you have any questions to ask OnePlus, send off an email to without delay.

Let us know in the comments below if the data breach affects your willingness to buy a phone from OnePlus in future. You can read the entire statement from OnePlus below:

Hi all,

We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at may be affected by the incident. We have sent out an email to all possibly affected users.

1. What happened

One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered.

  • The malicious script operated intermittently, capturing and sending data directly from the user’s browser. It has since been eliminated.
  • We have quarantined the infected server and reinforced all relevant system structures.

2. Who’s affected

  • Some users who entered their credit card info on between mid-November 2017 and January 11, 2018, may be affected.
    • Credit card info (card numbers, expiry dates and security codes) entered at during this period may be compromised.
    • Users who paid via a saved credit card should NOT be affected.
    • Users who paid via the “Credit Card via PayPal” method should NOT be affected.
    • Users who paid via PayPal should NOT be affected.
  • We have contacted potentially affected users via email.

3. What you can do

  • We recommend that you check your card statements and report any charges you don’t recognize to your bank. They will help you initiate a chargeback and prevent any financial loss.
  • For enquiries, please get in touch with our support team at
  • If you notice any potential system vulnerabilities, please report them to This is a monitored inbox, but please note, we may not be able to respond to all reports.

4. What we are doing

We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.

We are in contact with potentially affected customers. We are working with our providers and local authorities to better address the incident. We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future.

The OnePlus Team

About the Author: Peter Holden

He's been an Android fan ever since owning an HTC Hero, with the Dell Streak being his first phablet. He currently carries a Pixel 2 XL, Huawei P20 Pro, and a Huawei MediaPad M5 (8.4) in his pockets and thinks nothing of lugging a 17-inch laptop around in his backpack. When not immersed in the world of Android and gadgets, he's an avid sports fan, and like all South Africans, he loves a good Braai (BBQ).