In a massive screwup, Essential customer who preordered an essential phone last night received an email from the company asking for a copy of their driver’s license. This was to verify their address in an attempt to prevent fraud. Of course customers who preordered the device were able to provide verification, but those emails didn’t go to Essential.
Those that replied to the email ended up sharing all of their information with everyone on the original email. This means that if you shared your information, other Essential customers are now in possession of each other’s information, such as birth date, address information, and drivers license.
Many outlets are reporting this as a phishing scandal since it does look a lot like a phishing attempt, but after examining email headers, it doesn’t look to be a phishing attempt. Seems like Essential may have misconfigured customer support email list and ended up causing this massive screwup.
Here’s the email the company sent out originally (via Cygnosity on Reddit):
On Aug 29, 2017, at 9:23 PM, Customer Care [email protected] wrote:
Hi,
Our order review team requires additional verifying information to complete the processing of your recent order.
This verification is performed to protect against unauthorized use of your payment information and similar to what is conducted for in-person purchases.
Please provide an alternative email and phone number to confirm this purchase..
We would like to request a picture of a photo ID (e.g. driver’s license, state ID, passport) clearly showing your photo, signature and address. NOTE: the address on the ID should match the billing address listed on your recent order.
We apologize for the inconvenience and appreciate your cooperation. Once verified, we look forward to shipping your order.
Thanks!
Essential Products Customer Care
Professor Ron Schnell, who knows quite a bit about digital forensics said on Reddit that “It is not a Phishing scam. It is a misconfiguration. The DKIDs check-out, and the replies are actually going to Essential (and then many other people). I’ve accumulated quite a collection of D/Ls, Passports, credit card statements, phone numbers, and e-mail addresses. This is unbelievable.”
Overnight, customers were receiving emails like these:
Essential on Twitter responded:
We’re aware of & looking into a recent e-mail received by some customers. We’ve taken steps to mitigate & will update with more info soon.
— Essential (@essential) August 30, 2017
This is a big mess up on Essential’s part. Since many have been anticipating the company’s new phone, Essential isn’t off to a hot start. The Jolt Journal reached out to Essential for comment multiple times but have not heard back.
