40,000 Impacted by OnePlus Breach: What to Do

Editors' Note: We've updated this report with comment from OnePlus.

Earlier in the week, we learned OnePlus’ online store was compromised following reports of fraudulent charges on customers’ payment accounts after completing purchases on the phone maker’s site. As it turns out, as many as 40,000 customers may have been affected.

Following the initial reports, OnePlus brought in a third-party security agency, which discovered a script running on one of the servers responsible for handling transactions on the company’s website. Although OnePlus said earlier that customers’ payment data is "never processed or saved" on its site, this script was able to lift everything (card numbers, security codes, and expiration dates) right from the text fields before checkout.

Shortly after customers began noticing fraudulent transactions on their own statements, OnePlus stopped allowing payment via credit cards. The company says users who purchased items from its website between mid-November and Jan. 11 are at risk, unless they paid with a credit card saved before that period or with any of the PayPal-related payment options.

OnePlus says it has eliminated the malicious script in question and stopped using the infected server, so the problems shouldn’t persist. Nevertheless, if you believe you’re at risk, our recommendations remain the same: Check your statements carefully and report anything suspicious to your card issuer. You're almost certainly off the hook for any fraudulent use as long as you report what you've seen in a reasonable timeframe.

It would be easy to recommend that prospective OnePlus customers buy the company’s products somewhere else for the time being, but unfortunately OnePlus doesn’t partner with any third-party retailers. If you decide to buy something, your only option for now is PayPal, which should continue to work safely because it doesn’t require you to enter any sensitive information that could potentially be intercepted before it reaches OnePlus' servers.

OnePlus has stated it is working on replacing the existing payment platform with something more secure. When asked how long that might take, a representative told Tom's Guide that while the company "cannot offer an exact timeline," it is "working on removing [its] systems entirely from the payments process."

"We’ve worked with a cybersecurity firm to conduct a full security audit and are testing our new payments solution," the spokesperson added. "In the meantime, customers will have the PayPal option to purchase products."

If you have any questions, OnePlus’ FAQ on the matter hosted on its community forums describes the breach in greater detail, and offers resources for those whose information has been compromised. The company says it has reached out to these users via email, and according to The Verge, it will provide them with free credit card monitoring for a year.

Adam Ismail is a staff writer at Jalopnik and previously worked on Tom's Guide covering smartphones, car tech and gaming. His love for all things mobile began with the original Motorola Droid; since then he’s owned a variety of Android and iOS-powered handsets, refusing to stay loyal to one platform. His work has also appeared on Digital Trends and GTPlanet. When he’s not fiddling with the latest devices, he’s at an indie pop show, recording a podcast or playing Sega Dreamcast.
