Purchased a OnePlus phone? Yeah, your credit card might have been stolen.

Oops.
By Jack Morse

Things aren't looking so hot for approximately 40,000 OnePlus customers. And no, not because they'll probably have to wait until June to upgrade to the OnePlus 6.

It turns out that the company's website was hacked, and in the process credit card numbers and other payment information were likely stolen.

According to a statement issued by the Chinese smartphone manufacturer, "a malicious script was injected into the payment page code to sniff out credit card info while it was being entered."

What this means in practice is that, from roughly mid-November of 2017 to January 11, 2018, any customer who entered their credit card details on OnePlus.net could have had them lifted by hackers. Some customers are already reporting fraudulent charges.

"The malicious script operated intermittently, capturing and sending data directly from the user's browser," the company said in a statement. "It has since been eliminated. We have quarantined the infected server and reinforced all relevant system structures."

OnePlus emailed the customers it believes might have been affected, and noted that both card expiration dates and security codes could also have been stolen.


Security researchers at Fidus Information Security looked into the breach, and what they found doesn't look so good for OnePlus. According to a Fidus blog post, "OnePlus do not appear to be PCI compliant, nor do they mention this anywhere on the website."

Why does this matter? PCI here refers to the Payment Card Industry Data Security Standard, and, according to the PCI Security Standards Council, the standards are "the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions."

In other words, according to Fidus, OnePlus may not have been taking basic steps to protect its customers' data. Like we said, not looking good.

So, what can you do if you got an email from OnePlus notifying you of the breach? Not much, unfortunately. OnePlus says you should check your bank statement for fraudulent charges, and reach out to the company for any "enquiries."

OnePlus will also offer "one year of credit monitoring to affected customers," according to a company spokesperson.

Somehow, for those who already had their credit cards stolen, we don't imagine these measures will provide much solace.

This story has been updated to note that OnePlus is offering limited credit monitoring.

Jack Morse

Professionally paranoid. Covering privacy, security, and all things cryptocurrency and blockchain from San Francisco.
