Someone who pushed a button in an email in the OnePlus office is definitely getting a reprimand (or worse) from the bosses. The company sent out a mass mailer for a research study they previously conducted but unfortunately, the email addresses of everyone on that thread were not in the BCC part. This means anyone who received the email was able to see all the email addresses of the other recipients. This is just another mistake that the OEM has made in a month, although it is less problematic than the earlier one.
According to Android Police, one of the recipients of an email from OnePlus realized that they forgot to paste all the email addresses on the BCC part and instead put them on the To part. So basically, everyone saw each other’s email address. There were apparently 271 addresses “exposed” by this mistake and while it may not be that serious and may actually be funny, there are still security risks to this kind of thing.
If the email addresses were that of existing customers of OnePlus, then it can possibly be connected to other details that were part of previous leaks or security breaches. Then that may lead to eventual privacy and security issues. Just earlier this month, a vulnerability was discovered and may have exposed customer details like full names, contact numbers, email addresses, IMEI numbers, and even physical addresses. OnePlus believes this was not exploited but you can never be too sure.
The email was sent to people that signed up for a UX survey that the company conducted after they updated their UX to version 10.5.11. The company has not given an official statement yet but while this is actually a mistake that even big companies make, it’s still not a good look on them especially given that they have had previous security issues already.
This mistake comes on the heels of the launch of their newest smartphone line and earbuds. You would want all the goodwill you can get from customers and potential customers especially during these times so this is a pretty unfortunate incident. Hope the OnePlus email guy is doing okay after this.