OnePlus is at it again. No, we are not talking about a new device, but a security breach reported by Android Police. And while this one is minor when compared to previous incidents, it was easily preventable.

Kids, never undermine the importance of the Bcc field

First, an email 101. When you are composing an email, there is a field called Blind carbon copy or Bcc that doesn’t let recipients see each other’s email addresses. It’s often used by marketers and companies when they send the same message to various people. 

This week, OnePlus sent out a mass email about a research study and it forgot to use the Bcc field. As a result, email addresses of nearly 271 people were exposed, according to an estimate. The email was apparently sent to customers who signed up for a user interface survey after the OxygenOS 10.5.11 update.

OnePlus is no stranger to data breaches

OnePlus has so far not said anything about the recent incident.