OnePlus mistakenly leaks user email addresses, merely some weeks after fixing a security loophole


OnePlus is at it again. No, we are not talking about a new device, but a security breach reported by Android Police. And while this one is minor when compared to previous incidents, it was easily preventable.

Kids, never undermine the importance of the Bcc field

First, an email 101. When you are composing an email, there is a field called Blind carbon copy or Bcc that doesn’t let recipients see each other’s email addresses. It’s often used by marketers and companies when they send the same message to various people. 

This week, OnePlus sent out a mass email about a research study and it forgot to use the Bcc field. As a result, email addresses of nearly 271 people were exposed, according to an estimate. The email was apparently sent to customers who signed up for a user interface survey after the OxygenOS 10.5.11 update.

OnePlus is no stranger to data breaches

On the surface, this seems like a slip-up without any serious consequences. However, it’s not a good look for the Chinese company, who fixed a security vulnerability that exposed information of US customers such as names, phone numbers, email addresses, and physical addresses some weeks back. The loophole was in the manufacturer’s out-of-warranty repair and advance exchange invoicing system and there is no evidence that it was exploited. 

OnePlus has so far not said anything about the recent incident.

For the latest tech news and updates, Install TechCodex App, and follow us on Google News,  Facebook, and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.


Get real time updates directly on you device, subscribe now.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More