According to a security notification sent from OnePlus today, an unauthorized third party gained access to customers’ order information.

The intruder didn’t access people’s payment information, passwords, and accounts. However, OnePlus said names, contact numbers, and shipping addresses “may have been exposed.” The company said it “took immediate steps to stop the intruder and reinforce security.” It’s also working with authorities to investigate the matter.

In the email, OnePlus also said it will update customers on the investigation. The company didn’t say how long it’s known about the intrusion or how many people are affected.

On OnePlus’ forums, OnePlus security team member Ziv C. posted the following statement:

We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorized party. We can confirm that all payment information, passwords, and accounts are safe, but certain users’ name, contact number, email, and shipping addresses may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident. We took immediate steps to stop the intruder and reinforce security. Before making this public, we informed our impacted users by email. Right now, we are working with the relevant authorities to further investigate this incident. We are deeply sorry about this, and are committed to doing everything in our power to prevent further such incidents. Please contact us with any questions or concerns at Customer Support.

When reached for comment, OnePlus issued a similar statement. Also, the company pointed us to the forum post with the statement posted above.