Up to 40,000 users of OnePlus smartphones may have been hit by the attack on company website that led to fraudulent transactions on their credit cards. The revelation came a week after many customers reported fraudulent charges on their credit cards that they made purchases via official company site.

As per an update that was posted on the OnePlus forum by a staffer on Friday, the official investigation by the Chinese tech giant has found that the incident took place due to a malicious code that had been injected on the payment page of the site.

“One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered… the malicious script operated intermittently, capturing and sending data directly from the user's browser. It has since been eliminated,” informed the statement on the forum which also assured customers that the company had quarantined the infected server and reinforced all relevant system structures besides informing all customers who were likely affected.

As per the company, the customers who have become affected by the fraud are those who entered their credit card info on oneplus.net between mid-November and 11th of January. It is believed that all key details of the credit cards, including numbers, expiry dates and security dates may have been acquired by the scammers.

The news about the credit card fraud through the OnePlus website has further dented the image of the Chinese manufacturer. The credit card issue comes months after a news emerged that the company allowed Chinese authorities access to data of its customers.

However, OnePlus on their part has assured customers full support and asked them to contact the company if they see any illegal transactions on their card. “We are… working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit,” read the statement on the forum.