Things aren't looking so hot for approximately 40,China000 OnePlus customers. And no, not because they'll probably have to wait until June to upgrade to the OnePlus 6.
It turns out that the company's website was hacked, and in the process credit card numbers and other payment information was likely stolen.
SEE ALSO: OnePlus issues statement as some buyers complain of credit card fraudAccording to a statement issued by the Chinese smartphone manufacturer, "a malicious script was injected into the payment page code to sniff out credit card info while it was being entered."
What this means in practice is that, from roughly mid November of 2017 to January 11, 2018, any customer who put their credit card into OnePlus.net could have had it lifted by hackers. Some customers are already reporting fraudulent charges.
"The malicious script operated intermittently, capturing and sending data directly from the user's browser," the company said in a statement. "It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures."
OnePlus emailed the customers it believes might have been affected, and noted that both card expiration dates and security codes could also have been stolen.
Original image has been replaced. Credit: Mashable Security researchers at Fidus Information Security looked into the breach, and what they found doesn't look so good for OnePlus. According to a Fidus blogpost, "OnePlus do not appear to be PCI compliant, nor do they mention this anywhere on the website."
Why does this matter? PCI is short for Payment Card Industry Data Security Standard, and, according to the PCI Security Standards Council, the standards are "the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions."
In other words, according to Fidus, OnePlus may not have been taking basic steps to protect its customers data. Like we said, not looking good.
So, what can you do if you got an email from OnePlus notifying you of the breach? Not much, unfortunately. OnePlus says you should check your bank statement for fraudulent charges, and reach out to the company for any "enquiries."
OnePlus will also offer "one year of credit monitoring to affected customers," according to a company spokesperson.
Somehow, for those who already had their credit cards stolen, we don't imagine these measures will provide much solace.
This story has been updated to note that OnePlus is offering limited credit monitoring.
Topics Cybersecurity OnePlus
The Sound and the “Furious”
Adele has no time for this security guard who told her fans to sit down
Food blogger creates Easter egg made of the most delicious substance in the world
This drunk burglar stuck in the window of the store he robbed is all of our worst decisions
NYT Strands hints, answers for May 18
This week in apps: Alexa on your iPhone and yet another Snapchat clone
The first American hoverboard fire deaths are now part of a federal investigation
This crazy buzzer
Outdoor speaker deal: Save $20 on the Soundcore Boom 2
Twitter mourns the millions of brackets lost with Wisconsin's upset March Madness win
The Mismeasure of Media
The first American hoverboard fire deaths are now part of a federal investigation
'The Flash' will face a very different kind of villain in Season 4
Tale as old as time: Disney's 'Beauty and the Beast' debuts at $170 million
NYT Connections hints and answers for May 2: Tips to solve 'Connections' #691.
Trump wants the border wall to be tall, strong and hot. Smoking hot.
'Broadchurch' is the best British crime show you're not watching
Flight attendant nails Britney's 'Toxic' video with onboard dance number
Nvidia DLSS: An Early Investigation
Meet Roadie, the Ludacris
Remembering the Dell Mapbacks SeriesWilliams Found Plums in the Icebox—Do They Belong There?Alphabet Finds Google at Its Most MachiavellianRemembering Nabokov as an American WriterThe Teddy Bears’ PicnicThe Horror of Philosophy, the Philosophy of HorrorAvoid This Book: The Direction of Hair in Animals and ManRemembering Nabokov as an American WriterRemembering Gordon BishopThink Like a Mountain—Aldo Leopold’s Path to ConservationismRage at the Shoestore, Or, Am I Becoming My Mother?Staff Picks: Buses, Basements, Boots, BedDocumenting the DooBonnet Books: Paperbacks for the Patriarchy?My Grandmother’s Wheelchair by Stephen HiltnerThe Book Cover in the Weimar RepublicChina Has Ripped Off Anish Kapoor’s “Bean” SculptureSwimming with Oliver SacksWhat Happened to “O”? The Death of an ExclamationToday Is the Final Day for Our Joint Subscription Deal Viral Chinese bubble tea brand Sexy Tea aiming for Hong Kong IPO this year · TechNode Douyin to enter offline payment field with $190 million purchase of third Alibaba to pour $1.1 billion into South Korean market in chase for growth · TechNode Display panel maker BOE launches $8.72 billion production line construction · TechNode Tencent Cloud says recent service failure results from cloud API anomalies · TechNode CCTV debuts AI anchors as part of Two Sessions coverage · TechNode JD to offer cheaper delivery services, bets big on on China’s group Beijing grants greater independence for EV development of state 11 Alibaba apps begin development for Huawei HarmonyOS · TechNode Alibaba Cloud to support free training based on Llama 3 for a certain period · TechNode Tencent developing mobile version of hit title Palworld: report · TechNode VW Tiguan to use drone maker DJI’s ADAS technology for urban driving · TechNode Douyin restructures local service sector to counter rivals: report · TechNode Xiaomi EV delivery wait time extended to more than five months · TechNode Vivo unveils X Fold3, the lightest and thinnest book Sony China refutes recent reports of smartphone withdrawal in China · TechNode FIMI launches Mini 3 drone featuring Sony 48MP sensor and 249g weight · TechNode Huawei P series re Genshin Impact developer miHoYo makes debut in top 10 among global top 50 publishers · TechNode