A significant number of OnePlus customers have reported suspicious activity on the credit cards they’d used to purchase a OnePlus phone.
According to this post on the company’s official forums, 73 customers who had purchased something from OnePlus using their credit card in the last two months have had fraudulent charges on their card.
“I purchased two phones with two different credit cards (…) Yesterday I was notified on one of the credit cards of suspected fraudulent activity, I logged onto credit card site and verified that there were several transactions that I did not make. I went through the process and switched accounts… no big deal. Today same thing with the other credit card,” wrote one customer.
“Same thing happened to me. Placed two orders with OnePlus on the 9th and 10th January 2018. I’ve used two different business credit cards, that I have not used for any other transaction in over a year. This morning (…) I received a call from my bank, asking me about a fraudulent charge of 50 £ on one of the cards,” wrote another.
On Monday, OnePlus posted an official update regarding the situation. The company is looking into the issue, which appears to be connected with direct credit card payments only and not PayPal purchases.
OnePlus claims it does not store credit card info on its website, and the payments are processed by their partner “over an encrypted connection, and processed on their secure servers.” Even if the customer had used the “save this card for future transactions” feature, complete card info still wasn’t stored on OnePlus’s website. Finally, the company also claims its website is not affected by the Magento bug.
OnePlus’ statement, while timely, does not really help its customers much, as it in no way identifies any actual issue that might have caused customers’ credit card info to be stolen. The company says it’s conducting a “complete audit” and will update the customers on its findings.