According to OnePlus, that means that as many as 40,000 customers are affected and could potentially begin seeing fraudulent charges on their credit cards (if they haven't already, like many other customers). The company is in the process of emailing customer that are potentially affected by this security breach.
After a thorough audit of its system, OnePlus discovered that a malicious script was injected into to the code for the webpage that processes payments, and in the process was able to retrieve credit card details. OnePlus goes on to say that it "quarantined the infected server and reinforced all relevant system structures."
OnePlus is quick to point out that anyone that paid for their purchase with a saved credit card or using PayPal (including Credit Card via PayPal) are not affected by this breach. Credit payment processing remains disabled on the site.
"We are working with our providers and local authorities to better address the incident," wrote the OnePlus Team in a forum posting. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future."
This latest security incident, coupled with OnePlus' previously lax policy regarding customer privacy might sour the company's efforts to cozy up with American's "Big Four" wireless carriers. Chinese counterpart Huawei has already found out the hard way that the U.S. government isn't receptive to such deals taking place.