OnePlus said the security incident was caused by a malicious script on one of its payment servers since mid-November 2017.
Luckily thanks to the research of third-party security companies, OnePlus has discovered how and where the attacks are carried out on its servers.
According to OnePlus recognition, as many as 40,000 consumers have been victims of such security gaps. The China-based company calls the amount as a small part of its total customers.
The stolen information includes credit card numbers, expiration dates and security codes. The malicious script sends the data directly from the consumer's browser, but it has been resolved.
Regarding this security incident, consumers who make a purchase through OnePlus website using a credit card between mid November 2017 to January 11, 2018, are required to check the monthly bill.
If one becomes a victim, most likely cyber criminals use their credit card data to conduct online transactions.
OnePlus has apologized to consumers for this security incident. The company feels guilty of this happening and did not realize it early on.
"We are endlessly apologizing for this sort of thing happening.We are grateful to have a vigilant community and we are very sad to have let you down," OnePlus wrote in its official statement.
OnePlus said it is currently contacting consumers who have become victims. The company also works with local authorities to better deal with the issue.
"We also work with our payment providers to implement safer credit card payment methods, and conduct deep security audits, all of these actions will help us prevent such incidents from happening in the future," the company continued.