November 29, 2020

OnePlus’ latest security blooper is arguably its silliest one yet

It might seem minimal, but this could lead to future security headaches for hundreds of OnePlus customers.

OnePlus logo 2

  • OnePlus accidentally exposed customer emails in a research email blast.
  • “Hundredsâ€� of users’ addresses have reportedly been exposed.

The OnePlus Nord may now be official but the leaks from the company just keep on coming. This time, that leaked information includes its customers’ email addresses.

According to a Reddit post, OnePlus has accidentally exposed a number of users’ email addresses in a poorly-executed research email blast. Whoever smashed that send button failed to hide, or BCC, the list of recipients. The Reddit user who received the email noted that “hundreds� of addresses were included in the list which is accessible to all recipients too.

OnePlus’ security woes continue

This rookie error comes after a number of prior security lapses by OnePlus. In June 2019, a preinstalled OnePlus app contained a security flaw that exposed users’ names, locations, and email addresses. Months later, users’ private order information was uncovered through a breach. The unauthorized party may have had access to the names, contact numbers, emails, and shipping addresses of customers.

See also: 10 best email apps for Android to manage your inbox

In arguably its largest security fault, as many as 40,000 users were impacted by a breach in 2018 through which users’ credit card numbers, expiry dates, and security codes may have been accessed. “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down,� said the company in response to the 2018 breach.

While this latest blooper doesn’t seem as detrimental to users’ security as exposed credit card details, it could cause more than spam and phishing headaches for some. Malicious actors can use these now known email addresses in future attempts to gain access to their customer accounts, or online accounts that use the same address. While actors would require password details, it’s much easier solving half a puzzle.

Next: 10 best security apps for Android that aren’t antivirus apps