Did Essential really just send out a phishing email to preorder customers?
Brand-new phone maker Essential frustrated fans with months of silence and delays — but for some preorder customers, those missteps pale in comparison to the company’s latest PR nightmare.
An Essential email account asked some customers to verify their identity by sending back a picture of a photo ID, according to a report from The Verge.
That’s an odd request for a vendor to ask of its patrons — it smells suspiciously of a phishingscam — but with all of Essential’s false starts, it might not have seemed out of line for fans who’ve waited for their phone since May.
The customer responses weren’t just sent back to the Essential account, though. Instead, messages went to everyone who received the original email, creating a thread filled with sensitive personal information.
“We made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers,” Essential founder Andy Rubin wrote in a blog post.
Redditor Cygnosity posted the full text of the message to the r/Essential subreddit. He wrote that most of the replies to the thread were order cancellation requests, and that he was “absolutely done with this company.”
Though some pointed out the original message sounded like a phishing attempt, the email was actually due to a “misconfigured account,” according to Rubin. “We have disabled the misconfigured account and have taken steps internally to add safeguards against this happening again in the future.”
That lines up with this explanation, provided by redditor Ronnie Schnell, who said the email was likely due to a misconfigured customer support address on Zendesk, a customer service portal.
Still, multiple people responded to the message with their personal information, so this is a serious breach of consumer security and trust. Rubin said Essential would provide one year of LikfeLock’s identity theft protection services to affected customers.
We’re aware of & looking into a recent e-mail received by some customers. We’ve taken steps to mitigate & will update with more info soon.
— Essential (@essential) August 30, 2017
“I humbly thank our customers and channel partners for your patience and understanding as we proceed with the launch of our first products,” Rubin wrote.
Essential is likely working in overdrive to clear up the situation, but it might be too late for the company to regain the trust of its customers.
Updated with more information from Essential’s blog post.