A malicious script was injected into payment page code to sniff out credit card info. Up to 40k users at oneplus.net may be affected by the incident. Users who paid via a saved credit card should not be affected. PayPal is still available, and we are exploring alternative secure payment options with service providers. Users should check their credit card statements and report any charges you dont recognize to your bank. They will help you initiate a chargeback and prevent any financial loss. Your card info is never processed or saved on our website.”]
Source: https://forums.oneplus.com/threads/jan-19-update-an-update-on-credit-card-security.752415/