OnePlus accidentally exposes customer information — again — in the stupidest way possible

[zanderthunder]

 

OnePlus has now suffered two security snafus in just a month. Today's news is a bit less serious, but given the company's history, it's indicative of a clear trend. OnePlus blasted out a mass mailer for a research study earlier today, and someone seems to forgotten what BCC means, giving everyone in the chain access to "hundreds" of customer emails. Whoops.

 

We can't actually verify the number of folks that were included in the (fairly minor) leak since the emails were only handed to other folks on the thread, but one person that was included in the mass mailer says "hundreds" of email addresses were present.

 

Censored screenshot of the email's recipients. Image via /u/Rithari.

 

Admittedly, this sort of thing happens once in a while. Around once a year, some PR company accidentally forgets to BCC recipients on a mass mailer I'll get, resulting in a comically long set of angry responses as folks reply to the message. Usually, it's just a bit funny, but when folks on the list are customers of a company, and that information could be tied to details that might be available as a result of previous leaks, it's a little more concerning. No matter how you look at it, this is private data being made public to others.

 

We're told that the email was likely sent to people that signed up for a UX survey offered by OnePlus after the 10.5.11 update. While it's unlikely folks included on the email will get anything other than a messy email thread and some unwanted notifications, this sort of mistake is pretty amateur hour, especially from a company that's suffered some more serious security issues in the past.

Source: OnePlus accidentally exposes customer information — again — in the stupidest way possible (via Android Police)