If you bought a OnePlus phone such as the between November and January, you'd best check your credit card statement.
The phone maker on Friday confirmed in a statement that its website, oneplus.net, was hacked, potentially exposing the detailed credit card information of up to 40,000 customers.
The company sent an email to customers saying that card numbers, expiration dates and security codes "may have been compromised."
A malicious script on the company's pages was inserted, harvesting the information from web browsers. The company says it has been removed, but customers who entered information into the site between mid-November 2017 and Jan. 11, 2018 could be at risk.
The cause of the breach was not immediately known, ZDNet reports. Reached for comment, a OnePlus representative offered no further details beyond the company's statement.