For the second time in two years, OnePlus has been the victim of a hack by an "unauthorized party", with customer names, email addresses, and shipping addresses now potentially out in the public domain.
Payment information and passwords are safe and weren't exposed by the attack, OnePlus says, and no accounts have been accessed by the third party.
"We took immediate steps to stop the intruder and reinforce security," OnePlus said in an email to affected customers. "Right now, we are working with the relevant authorities to further investigate this incident and protect your data."
- Check out the latest Black Friday deals
- Android security bugs are getting nasty
- Treat yourself to a new dash cam
If an email hasn't landed in your inbox, you can assume your account details haven't been exposed – but as always, it's better to be safe than sorry.
What to do next
If you've had dealings with OnePlus in the past, it's important to watch out for any phishing attempts sent to you in the future – that's emails that will try and direct you to a spoof website to get you to enter financial details or other sensitive information.
As scammers may now have hold of your name, email address and shipping address, these phishing emails could look very genuine indeed. Always double-check where emailed links are sending you, and keep your browser software right up to date to minimize your chances of getting caught out.
"OnePlus will never ask you for your passwords, and any financial information should only be provided via a secure payment page on the OnePlus website or one of our partners if you are buying products from us," OnePlus said.
In response to the breach, OnePlus is partnering with a "world-renowned security platform", and launching a bug bounty program. For more details on the incident, head to the official FAQ.