As iTWire reported on Monday, a number of OnePlus customers had experienced credit card fraud after they had used their cards on the site.
The firm Fidus Infosecurity said that the company appeared to have its payment page hosted on-site, instead of being an iFrame hosted by a third-party payment processor.
In a blog post, the Fidus researchers also said that OnePlus did not appear to be PCI-compliant and this was not mentioned on their website. Additionally, the company claimed that it did not handle credit card payments when, in fact, it did.
OnePlus directed iTWire to the blog post after inquiries were made about the alleged hack.
The company also denied being affected by a bug in the Magento eCommerce software which it uses. "Oneplus.net was initially built on the Magento eCommerce platform," it said.
"However, since 2014 we have been re-building the entire website with custom code, and credit card payments were never implemented in Magento's payment module at all."
Fidus Infosecurity's Andrew Mabbitt told iTWire that the payment page was the same for all countries. "The issue appears to affect the company worldwide as they use the same checkout for every country," he said in response to a query.