OnePlus says hackers gained access to past customer orders. Exposed information included details like customer names, contact numbers, emails, and shipping addresses, but not passwords or financial details, the company said.
OnePlus believes the hacker's entry point was a vulnerability in its website, but did not provide any additional details.
"We've inspected our website thoroughly to ensure that there are no similar security flaws," the company said.
"Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident," a member of the OnePlus security team said today in a forum post, separate from the FAQ.
As a result of the breach, OnePlus said it is partnering with "a world-renowned security platform next month, and will launch an official bug bounty program by the end of December."