OnePlus on Friday confirmed that the credit card information of at least 40,000 of its users were compromised after its systems were hacked. The company said it had emailed those who were possibly affected. This includes those who entered their credit card data on oneplus.net between mid-November 2017 and January 11, 2018.

“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered,” OnePlus said on its forum, adding that the script had been “eliminated”. “We have quarantined the infected server and reinforced all relevant system structures.”

The credit card information that may have been compromised includes card numbers, expiry dates and security codes. OnePlus clarified that users who made payments using a saved credit card should not be affected, neither should those who paid via the “Credit Card via PayPal” facility or just via PayPal.

OnePlus said it is working with its current payment providers “to implement a more secure credit card payment method” and conduct “an in-depth security audit”. “All these measures will help us prevent such incidents from happening in the future,” it said on the forum.

Earlier in the week, OnePlus had temporarily shut down credit card payments on oneplus.net “as a precaution” after reports that customers’ details were stolen. It disabled the service after a poll posted by users on the OnePlus forum found that many customers had experienced the credit card fraud.