【Pachinko Angel】

Things aren't looking so hot for approximately 40,Pachinko Angel000 OnePlus customers. And no, not because they'll probably have to wait until June to upgrade to the OnePlus 6.

It turns out that the company's website was hacked, and in the process credit card numbers and other payment information was likely stolen.

SEE ALSO: OnePlus issues statement as some buyers complain of credit card fraud

According to a statement issued by the Chinese smartphone manufacturer, "a malicious script was injected into the payment page code to sniff out credit card info while it was being entered."

What this means in practice is that, from roughly mid November of 2017 to January 11, 2018, any customer who put their credit card into OnePlus.net could have had it lifted by hackers. Some customers are already reporting fraudulent charges.

"The malicious script operated intermittently, capturing and sending data directly from the user's browser," the company said in a statement. "It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures."

OnePlus emailed the customers it believes might have been affected, and noted that both card expiration dates and security codes could also have been stolen.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Original image has been replaced. Credit: Mashable

Security researchers at Fidus Information Security looked into the breach, and what they found doesn't look so good for OnePlus. According to a Fidus blogpost, "OnePlus do not appear to be PCI compliant, nor do they mention this anywhere on the website."

Why does this matter? PCI is short for Payment Card Industry Data Security Standard, and, according to the PCI Security Standards Council, the standards are "the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions."

In other words, according to Fidus, OnePlus may not have been taking basic steps to protect its customers data. Like we said, not looking good.

So, what can you do if you got an email from OnePlus notifying you of the breach? Not much, unfortunately. OnePlus says you should check your bank statement for fraudulent charges, and reach out to the company for any "enquiries."

OnePlus will also offer "one year of credit monitoring to affected customers," according to a company spokesperson.

Somehow, for those who already had their credit cards stolen, we don't imagine these measures will provide much solace.

This story has been updated to note that OnePlus is offering limited credit monitoring.

---

Featured Video For You

---

The OnePlus 5T could have been perfect—if it weren't for its cameras

---

Topics Cybersecurity OnePlus

• Life
• Tech
• Digital Culture
• Science
• Entertainment
• Deals
• Games
• Shopping

• 5 Ways to Access a Locked Windows Account
• After nearly 20 years, the Space Station is getting a printer upgrade
• Amazon Big Spring Sale: Best treadmill deal
• Winter is more likely to make you sick than the coming Arctic blast
• Your 'wrong person' texts may be linked to Myanmar warlord
• Best Amazon Fire Kids Tablet deals: Save up to 42%
• Apple's iPad Pro could come with a matte display
• Rare frilled shark with unusual teeth and 'snake
• Best iPad deal: Save $132 on Apple iPad (10th Gen)
• TCU vs. USU basketball livestreams: How to watch live

• 'Avengers: Endgame': Where is every character after 'Infinity War'?
• Twitter responds to a dad's desperate plea to help his autistic son
• Departing the U.S. from an airport? Your face will be scanned.
• A herd of deer cause havoc during cross country race.
• FAA approves Google Wing drone service for deliveries in U.S.
• Some other dude named Mike Pence is owning his @mikepence Twitter handle
• 'Game of Thrones' fans are very worried about Winterfell's crypt
• Malala Yousafzai launched a YouTube series all about inspiring girls
• Ford wants to build a better app store for cars
• Google rolls out 'Avengers: Endgame' inspired Easter egg on search

• NYT mini crossword answers for May 9, 2025
• The FTC is looking into how Reddit licenses data before its IPO
• Trump slashed two national monuments but can't downsize national parks
• Amazon Spring Sale fitness deals: Peloton bikes and more up to 51% off at Amazon
• NYT Strands hints, answers for May 18
• Trump slashes protected national monuments, opening land for industry
• LAPD says navigation apps steered people to neighborhoods on fire
• Get up to 25% off Kodak instant cameras during Amazon's Big Spring Sale
• The Baffler’s May Day Round Up
• We wish this insanely creepy pre

• 10 Tech Predictions for 2017
• Amazon Spring Sale 2024: Best Fire TV Stick deals
• What is cockfishing? Why some men lie about their size on dating apps
• Copilot is plugging into Windows 11 File Explorer
• Your 'wrong person' texts may be linked to Myanmar warlord
• Are dating apps getting too niche?
• Wordle today: The answer and hints for March 19
• Djo's 'End of Beginning': Joe Keery scores a TikTok hit in the app's post
• NYT Connections Sports Edition hints and answers for May 19: Tips to solve Connections #238
• Truecaller has an AI upgrade for Android users to block robocalls