It rains on wet inside the company Oneplus and the protection of the personal and private data of its clients. If at the beginning of July another security breach was closed that exposed personal data such as order numbers, phone models, IMEI, name, addresses and others; now he has returned to the old ways in the most stupid and childish way possible. This time, an error when sending an email or that someone does not know exactly the differences between CC and BCC when sending an email, has caused another leak of personal data.
Quite absurdly, the personal data of hundreds of customers has been shared by OnePlus. In this case, it is all because they have sent an email to their customers to conduct a research study on their products. The problem is that they have not put the addresses of the clients in blind copy (BCC), reason why the email addresses of the clients have been shared with all the recipients of the email.
Hundreds of email accounts exposed to SPAM
In the following screenshot we see the huge number of email addresses that were leaked. Not all clients, but many. In fact, it seems like everyone who signed up for a OnePlus survey after the OxygenOS update 10.5.11. The big problem with this bad practice is that all of those email addresses can now be used to run a SPAM campaign.
In addition, the thing could be anecdotal, but as we have already said, it rains on wet. Early 2019 Thousands of users’ personal data was leaked, while at the end of the same year, someone gained unauthorized access to the personal data of many customers. Those were major security flaws, but not the only ones.
In 2017, the data collected for analysis by OnePlus terminals could allow the identification of users. In 2018, were hacked over a period of 2 months, affecting their credit card payment system. Up to 40,000 people are estimated to have been affected.
This same year we have also had a move. He June 30th OnePlus was informed of a security breach. Apparently, on July 2 it was solved without the details being released, so we do not know the number of people who could have been affected. Hopefully this oversight when sending an email is the last “bundled” of OnePlus with the personal data of the clients.