A card breach has been confirmed as a result of a malicious script that was injected on OnePlus’s online store. The company is now in the midst of sending affected customers notification emails regarding the incident. Only users who entered their payment card details on the site between mid-November 2017 and January 11, 2018, are affected, the company said. OnePlus estimated the number of affected customers at 40,000, and said that all people they believe to be expected would receive a notification email. Customers who bought products via PayPal, or had saved details in their store account were not affected.
Source: https://www.bleepingcomputer.com/news/security/oneplus-malicious-script-on-online-store-stole-card-details-for-40k-customers/