If you bought a OnePlus 5T, your credit card info may have been stolen

40,000 customers may be affected.

Credit: Doug Duvall/IDG

After launching an investigation into reports of a credit card breach on its website, OnePlus has announced some grim findings: Up to 40,000 customers may have had their credit card data stolen. That includes card numbers, expirations dates, and CVV codes entered at oneplus.net.

The culprit for the breach, according to OnePlus, is a rogue script that was injected into the payment page code and able to capture unencrypted credit card info from customers’ browser windows. The company says the exploit has been running since the OnePlus 5T launched in November, though it affected all sales made through the website. It’s unclear whether the attack was triggered remotely or internally.

[ Further reading: The best Android phones ]

Incidentally, the breach only seems to have affected customers using a new credit card on the site. OnePlus says those who used a previously saved card or PayPal to check out shouldn’t be impacted. The company shut down its credit card processing system on January 16 after reports surfaced of fraudulent charges popping up on customers’ credit card statements. Customers are still able to purchase phones via PayPal.

OnePlus is continuing to investigate the issue with the help of a third-party cybersecurity firm but has offered no window for when credit card purchasing will be restored on its website. It says it will be reinforcing its system with tougher security measures and is looking into offering a free one-year subscription to a credit-monitoring firm to all affected users.

oneplus 5t full Doug Duvall/IDG

The OnePlus 5T.

In a form post OnePlus said, “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.”

If you purchased a OnePlus 5T or any other phone through the OnePlus website, you should call the issuer of the credit card you used to see about getting a replacement card with a new number.

Why this matters: Any credit card breach is a big deal, but this one hits especially hard for OnePlus. Since OnePlus sells unlocked phones and doesn’t have a presence in U.S. carrier stores, a large portion of its sales are conducted directly through its website. Shutting down its credit card processing system will undoubtedly affect sales, as will the public fallout from this breach.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags OnePlus

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Michael Simon

Michael Simon

PC World (US online)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?