OnePlus has now suffered two security snafus in just a month. Today's news is a bit less serious, but given the company's history, it's indicative of a clear trend. OnePlus blasted out a mass mailer for a research study earlier today, and someone seems to forgotten what BCC means, giving everyone in the chain access to hundreds of customer emails. Whoops.
Although the precise number of people included on the (fairly minor) leak was originally unknown, one of the recipients on the message was able to confirm to us after publication that 271 email addresses were included.
Censored screenshot of the email's recipients. Image via /u/Rithari.
Admittedly, this sort of thing happens once in a while. Around once a year, some PR company accidentally forgets to BCC recipients on a mass mailer I'll get, resulting in a comically long set of angry responses as folks reply to the message. Usually, it's just a bit funny, but when folks on the list are customers of a company, and that information could be tied to details that might be available as a result of previous leaks, it's a little more concerning. No matter how you look at it, this is private data being made public to others.
We're told that the email was likely sent to people that signed up for a UX survey offered by OnePlus after the 10.5.11 update. While it's unlikely folks included on the email will get anything other than a messy email thread and some unwanted notifications, this sort of mistake is pretty amateur hour, especially from a company that's suffered some more serious security issues in the past.
- Kanna from the OnePlus discord server