Reports from an ongoing investigation with a third-party security agency into the breach revealed that as customers were purchasing OnePlus products, credit card information was reported to be stolen, leading the company to shut down credit card payments for its online store.
A report that appeared on The Verge, while quoting OnePlus, said the script that stole the data had been running on one of its payment processing servers since mid-November, although reports of data breach surfaced only in the past week.
It is said that the script was able to capture full credit card information, including card numbers, expiry dates, and security codes directly from a customer's browser window.
Further, the article noted that the company has determined where the exploit happened and has found the point of entry for the attacker, but the investigation remains ongoing.
"It's not yet clear if the attack was done remotely, or if someone had physical access to the server to install the script."
While nearly 40,000 people remain affected, this, the company says, is a "small subset" of its customer base, and is reaching out to its vast expanse to secure their data. It is reportedly offering a year of credit monitoring service for free.
Furthermore, the company assured that it is working to create and implement a more robust and secure payment method. (ANI)