OnePlus has discovered that some users' order information on its online store was accessed by an unauthorized party, the Chinese smartphone maker said on November 23.
Certain users' name, contact number, email and shipping address may have been exposed and impacted users may receive spam and phishing emails as a result of this incident, the company warned in a forum post.
Except for that, there seems to be no other security threat as Ziv from the Security team said:
We can confirm that all payment information, passwords and accounts are safe.
OnePlus discovered this while its security team was monitoring its systems. The company immediately took steps to stop the intruder and reinforce security, and also made sure that there aren't any similar vulnerabilities waiting to be exploited.
OnePlus said they were deeply sorry about this and before making this public they had informed impacted users by email.
For those impacted, there is no additional action required for now, but OnePlus do note users should be aware that they may receive spam and phishing emails as a result of this incident.
This happened just as the company is rolling out Black Friday offers that customers can save up to $150 for certain OnePlus 7 Pro OnePlus 6T models.
The incident is similar to a security breach OnePlus suffered in January last year when up to 40,000 users may have been affected in the period mid-November to January 11.
The company said at the time that if you used PayPal or a credit card entered in the system before this period, you should not be affected.
