OnePlus has sent a letter to customers this morning, and confirmed in a post on the company's forums, that it was the target of a credit card hack. The attack was accomplished via a malicious script injected into the OnePlus.net payment page code, and allowed the attackers to see customer's credit card numbers, expiration dates, and security codes - enough information to easily allow those cards to be used for fraudulent purchases. Days ago, some users had begun reporting fraudulent card activity on cards they'd used on the site.

OnePlus says the code was injected into its servers sometime in mid-November - just as the OnePlus 5T was about to launch. OnePlus is uncertain how many customers' card numbers were actually compromised, but it's sending a message to anyone who may have been affected this morning to let them know. A total of 40,000 customers are in the potentially affected group. OnePlus says saved credit cards entered into its systems before mid-November are not affected, nor were PayPal customers.

The company is conducting a security audit and will be implementing a more secure form of credit card payment at some point in the future, but you can probably assume that for the time being PayPal will remain the only available payment option. Undoubtedly, the lack of a credit card payment option is going to affect OnePlus' sales numbers here in the US, and the damage to the company's reputation has got to be a major concern.

OnePlus will be figuring out a way to provide the potentially affected group of customers free credit monitoring for one year, but your best course of action here if you received an email from OnePlus is to cancel the credit card associated with your account. OnePlus says cards saved in its system before the breach in November are safe, so if that's the case for you, maybe just keep an eye on things. But if you gave OnePlus your credit card information in the last two months, you need to act now.

Here's the full statement from OnePlus.