One Plus has not disclosed how many users were affected by data breaches

• An 'unauthorised party' was able to access OnePlus customers' order information and might have stolen users' names, shipping addresses, contact numbers and email IDs.
• If you are one of the affected users, OnePlus has sent an email to registered ID to inform you of the breach.
• The company has not disclosed how many users were affected but claims that the most that can happen is a little more spam in your inbox.

Two years, two data breaches for OnePlus — but this time around it isn't that serious, according to the company. The most that can happen is that you'll get extra spam in your inbox, if you're one of the affected users.

In case you were one of the victims, the company will be notifying you by email.

Last time around, in January 2018, the credit card information of around 40,000 customers was stolen.

OnePlus has not disclosed who many customers were affected this time but claims that all payment information, passwords and accounts are safe — only names, contact numbers, email IDs and shipping addresses 'may have been exposed'.

This means the hacker only has the power to send phishing emails and spam your way. They don't have enough information to hack into your accounts or access any of your financial services.

But, it does put you at risk.

Here's how phishing emails work

Phishing is like carrying out a con — only it's online. Users usually receive an authentic-looking email that seems as though it's from a legitimate company. The email usually asks the recipient to click on a link or provide sensitive information.

So, as a general rule, never provide any sensitive information by clicking on third party links. Not just over emails, but even forwarding links in messages or from secondary websites.

And, whenever you are entering any sensitive information online, always double-check the URL. Better yet, use your own link.

Moreover, activate a plug-in or web tool that can flag off malicious links and warn you before you click on anything risky.

How is OnePlus going to fix this?

"We took immediate steps to stop the intruder and reinforce security, making sure there are no similar vulnerabilities," said OnePlus in a statement.

According to the company, it will be partnering with a 'world-renowned' security platform — ye to be disclosed — next month. And, in collaboration, they will launch an official bug bounty program by the end of December.

Even though the company revealed the data breach on their official company website, they did not report it to CERT-IN — India's nodal agency for cybersecurity — as per the IT Act.

Business Insider has reached out to OnePlus for more information and awaiting their response.

See also:
Wipro confirms phishing attack on its system — 11 other companies unknown

WhatsApp data breach hits downloads in its biggest market — opens it up to Telegram and Signal

How to stay safe on WhatsApp and protect your data