- OnePlus accidentally exposed customer emails in a research email blast.
- â€œHundredsâ€� of usersâ€™ addresses have reportedly been exposed.
The OnePlus Nord may now be official but the leaks from the company just keep on coming. This time, that leaked information includes its customersâ€™ email addresses.
According to a Reddit post, OnePlus has accidentally exposed a number of usersâ€™ email addresses in a poorly-executed research email blast. Whoever smashed that send button failed to hide, or BCC, the list of recipients. The Reddit user who received the email noted that â€œhundredsâ€� of addresses were included in the list which is accessible to all recipients too.
OnePlusâ€™ security woes continue
This rookie error comes after a number of prior security lapses by OnePlus. In June 2019, a preinstalled OnePlus app contained a security flaw that exposed usersâ€™ names, locations, and email addresses. Months later, usersâ€™ private order information was uncovered through a breach. The unauthorized party may have had access to the names, contact numbers, emails, and shipping addresses of customers.
In arguably its largest security fault, as many as 40,000 users were impacted by a breach in 2018 through which usersâ€™ credit card numbers, expiry dates, and security codes may have been accessed. â€œWe cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down,â€� said the company in response to the 2018 breach.
While this latest blooper doesnâ€™t seem as detrimental to usersâ€™ security as exposed credit card details, it could cause more than spam and phishing headaches for some. Malicious actors can use these now known email addresses in future attempts to gain access to their customer accounts, or online accounts that use the same address. While actors would require password details, itâ€™s much easier solving half a puzzle.