OnePlus has revealed it has been hit by a cyber-attack that saw hackers steal the credit card details of thousands of its customers.
The smartphone maker said that up to 40,000 users could be affected after hackers exploited a loophole in its payment system. OnePlus said it had now contacted anyone it believed to be hit by the attack, and for customers to check their card statements.
In a statement on its community forum, OnePlus said that customers who had made a payment on its site between mid-November 2017 and 11 January 2018 could be affected.
The company said that, "a malicious script" injected into the payment page code was to blame, which was able to detect credit card information whilst it was being entered. Customers who used the site outside of the times mentioned would not have been affected, OnePlus said, as would anyone using alternate payment methods such as PayPal.
OnePlus has now stopped taking card payments via its website, and is offering affected customers assistance free of charge.
"We are deeply sorry to announce that we have indeed been attacked," the statement added, "We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down."