Essential data leak: Company accidentally exposes private and sensitive customer details via email
The data included driver's licences, passports, phone numbers, credit card statements, and email ids.
Essential phone recently leaked personal information of its customers, including their driver's licences, passport information, phone numbers and email ids to other customers through an email chain.
The company, which is now taking phone orders from its customers, had previously asked all those who have registered for the Essential phone to send private information, including driver's licences, to seemingly prevent fraud and also to verify their addresses.
Customers that replied to the email also received messages from others who had done the same, leaving a good number of those who pre-ordered the phone with complete information about every other person in the email chain.
It is being reported that some people had even sent images of their driver's licence while others had sent multiple phone numbers. Right now, according to a report by Verge, there is an unknown number of Essential customers with information about each other.
While it might seem like a classic phishing scam, with a company asking for weirdly specific personal information such as driver's licence, it actually is a case of bad email management, says the Verge report. It was a misconfigured email system that had apparently hit "Reply All" by default.
Essential CEO Andy Rubin admitted in a blog post that they had made an error with the emails that "resulted in personal information from approximately 70 customers being shared with a small group of other customers". He added that founders are faced with "thousands of micro-decisions". The company has not disclosed the number of people who received the details or if the mails were shared by them.
Essential's Twitter account on Wednesday (30 August) posted a tweet, informing people that they are aware of the error and that they are trying to fix it.
Rubin also mentioned that the misconfigured email id was deactivated and he took personal responsibility for this incident saying, "I'm personally responsible for this error and will try my best to not repeat it."
One of the customers who received this information from Essential was Professor Ron Schnell, an expert on digital forensics who clarified on his Reddit page that the error was not a scam, but added that he now has access to a lot of personal information, including credit card statements about other Essential customers.
IBTimes UK has reached out to Ron Schnell for a comment.
© Copyright IBTimes 2024. All rights reserved.