OnePlus filters ‘hundreds’ of user emails into the dumbest security blooper yet

The OnePlus Nord may now be official, but the company’s leaks keep coming. This time, that leaked information includes the email addresses of their customers.

According to a Reddit post, OnePlus has accidentally exposed multiple email addresses of users in a poorly executed investigative email blast. Whoever broke that submit button couldn’t hide, or BCC, the recipient list. The Reddit user who received the email noted that “hundreds” of addresses were included in the list that can also be accessed by all recipients.

OnePlus security issues continue

This rookie error occurs after a series of previous security flaws by OnePlus. In June 2019, a pre-installed OnePlus app contained a security flaw that exposed users’ names, locations, and email addresses. Months later, users’ private order information was discovered through a breach. The unauthorized party may have had access to customers’ names, contact numbers, emails, and shipping addresses.

See also: 10 best email apps for Android to manage your inbox

Arguably it’s their biggest security flaw, as up to 40,000 users were affected by a breach in 2018 through which users’ credit card numbers, expiration dates, and security codes could be accessed. “We cannot apologize enough for allowing something like this to happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to disappoint you, ”the company said in response to the 2018 violation.

While this latest bug doesn’t seem to be as damaging to users’ security as exposed credit card details, it could cause more than spam and phishing headaches for some. These now known email addresses may be used by malicious actors in future attempts to access their customer accounts or online accounts that use the same address. While the actors would require password details, it is much easier to solve half a puzzle.

next: 10 best security apps for Android that are not antivirus apps