You might already have heard it, and it's no joy: The OnePlus.net website got hacked by cybercriminals, who stole credit card details of almost 40.000 customers using a malicious script.
A lot of customers who bought a OnePlus device during the last months saw fraudulent charges appear on their credit card(s). Quickly, some users realized that they've only bought a OnePlus device, suspecting OnePlus was to blame for the fraud. They contacted OnePlus using their support section and on their forums.
OnePlus promptly replied and started an investigation. During this investigation, they confirmed they've been hacked. A malicious script stealing credit card details (Card number, expiry date and CVC security code) was injected into their payment system. A formal statement can be found on their forums: OnePlus statement on credit card security
I recently bought something on the OnePlus.net website. Are my card details stolen?
If you are one of the 40.000 affected users, OnePlus should already have contacted you about this. If OnePlus did not contact you, you should be good to go. However, keep an eye out for any suspicious transactrions made on your credit card(s). If you think you see something that's not right, immediately contact your bank or credit card company.
Also, if you paid using PayPal or a previously stored card (before November '17), you should not be affected by this.