Flash
Lost in speed
OnePlus has posted a FAQ on the incident.
"One of our systems was attacked," the post reads. "A malicious script was injected into the payment page code to sniff out credit card info while it was being entered." OnePlus believes the script was functional from "mid-November 2017" to January 11, 2018, and it captured credit card numbers, expiration dates, and security codes that were typed into the site during that time. Users who paid via PayPal or previously entered credit card information are not believed to be affected.
Source: OnePlus got pwned, exposed up to 40,000 users to credit card fraud
"One of our systems was attacked," the post reads. "A malicious script was injected into the payment page code to sniff out credit card info while it was being entered." OnePlus believes the script was functional from "mid-November 2017" to January 11, 2018, and it captured credit card numbers, expiration dates, and security codes that were typed into the site during that time. Users who paid via PayPal or previously entered credit card information are not believed to be affected.
Source: OnePlus got pwned, exposed up to 40,000 users to credit card fraud