Update: Andy Rubin apologizes for Essential’s huge privacy blunder
Update #2: Essential founder Andy Rubin has confronted the issue head-on, recognizing the error in customer care which resulted in personal information from approximately 70 customers being shared with a small group of customers. He goes on to say:
One of the most important jobs of a founder is to recognize when things aren’t going quite right, and make the necessary decisions and take action to correct them before customers are impacted. Founders are often faced with thousands of micro-decisions daily to keep their companies laser-focused on delivering products into the right markets at precisely the right time.
Yesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers. We have disabled the misconfigured account and have taken steps internally to add safeguards against this happening again in the future. We sincerely apologize for our error and will be offering the impacted customers one year of LifeLock. We will also continue to invest more in our infrastructure and customer care, which will only be more important as we grow.
Being a founder in an intensely competitive business means you occasionally have to eat crow. It’s humiliating, it doesn’t taste good, and often, it’s a humbling experience. As Essential’s founder and CEO, I’m personally responsible for this error and will try my best to not repeat it.
I remain heartened and motivated by the groundswell of support that Essential has experienced since unveiling the company on May 30th. We continue to believe deeply in our vision and the innovation we are bringing to life via our Home, Phone and 360 Camera products. I humbly thank our customers and channel partners for your patience and understanding as we proceed with the launch of our first products.
You can read the full blog post here.
Update #1: Essential has reached out to us with word that the email fiasco is not, in fact, a phishing attack.
While the situation has yet to be completely eradicated, an Essential employee has verified the authenticity of the email, meaning it’s not a phishing scam.
We will be sure to update you as we learn more.
Original post: If you’ve received an email from Essential asking to provide “additional verifying information”, do not reply.
According to our readers, folks on Reddit, and many other reports around the web, Essential Phone customers received an email last night from a support account – firstname.lastname@example.org – claiming that the company needs “additional verifying information” to finish processing their order. The full email, attached below, asks for an alternative email address, phone number, as well as a picture of a photo ID clearly showing the customer’s photo, signature, and address.
Take a look at the full email below:
Our order review team requires additional verifying information to complete the processing of your recent order. This verification is performed to protect against unauthorized use of your payment information and similar to what is conducted for in-person purchases.
Please provide an alternative email and phone number to confirm this purchase..
We would like to request a picture of a photo ID (e.g. driver’s license, state ID, passport) clearly showing your photo, signature and address. NOTE: the address on the ID should match the billing address listed on your recent order.
We apologize for the inconvenience and appreciate your cooperation. Once verified, we look forward to shipping your order.
Essential Products Customer Care
Essential is aware of the situation however, and says it’s working to mitigate the phishing attack:
As previously stated, do not reply to this email. If you know anyone who’s purchased an Essential Phone, please pass this along.
We’ve reached out to Essential for comment and will update this post when we hear back.