Despite being the backbone of most Internet and even corporate communication, many consider email to be archaic and inflexible. There are many things that the format and technology don’t and simply can’t afford. One of those would be redacting or deleting emails that have already been sent, received, and read, a feature that OnePlus may now wish did exist considering how it accidentally revealed the emails of everyone that participated in what should have been a private and anonymous survey.
OnePlus conducted a survey earlier this month after the rollout of OxygenOS 10.5.11. These surveys often come with the promise of anonymity though some do ask for an email address. You don’t often expect those conducting the survey to email you back other than with a confirmation and most do so via automated means.
That clearly wasn’t the case with the latest OnePlus blunder that exposed participants’ email addresses in a mass mailer. These emails make use of BCC to hide other participants’ addresses but someone at OnePlus HQ may have forgotten that small but critical detail. The result, everyone in that email blast now has a list of everyone else’s emails.
Considering the number of times OnePlus got involved in a security breach, this error seems almost trivial. But as Android Police pointed out, emails don’t exist in isolation. In the wrong hands, these addresses could also be associated with other leaked OnePlus customer information or even be used for other social engineering attempts.
Such email blunders, to be fair, aren’t rare and even high-profile companies or personalities make that mistake. That, of course, isn’t an excuse to be lax in handling customer information, especially when you’ve been involved in recent and multiple accidents and incidents. Needless to say, OnePlus’s launch curse strikes again.