OnePlus has been on the rise, thanks to the performance of their smartphones, which although they are cheaper than some top of the range, can compete in performance.
But now, bad news for the Chinese company: Its customers' credit card details have been revealed online.
Around 40 1,000 consumers may have their financial data at risk - this information includes card numbers, expiration dates, and CVV security codes entered on oneplus.net.
The source of failure
According to the OnePlus investigation, the malfunction was caused by a malicious script that was injected into the pay page code and can capture unencrypted credit card information from users' browser windows. This exploit has been active since the release of OnePlus 5T in November of 2017.
If users have used the site before November, or have used the PayPal gateway to place the order, they should not be affected.
The company has shut down its credit card processing system, but consumers can still buy smartphones through the site using PayPal.
OnePlus continues to investigate, with the help of an outsourced security company, promising to strengthen the system with more effective security measures.
Given the success of the brand, it remains to be seen how potential buyers of the brand will react…