Essential, which just started shipping on August 26, is now facing a tremendous blow, as it seems that its website has been compromised. Customers who pre-booked Essential devices are receiving phishing emails that require them to send a photo ID in order to get their devices shipped.
Essential has confirmed that the phishing emails have been sent to its customers and that it is looking into the matter.
We’re aware of & looking into a recent e-mail received by some customers. We’ve taken steps to mitigate & will update with more info soon.
The news of the hack emerged on Essential’s subreddit, where a user reported getting an email from the company’s customer care asking for a photo ID; the same email had been CC’ed to multiple other email addresses.
It is believed that Essential customers who had contacted, or had been contacted via, the ‘firstname.lastname@example.org’ email ID have received this phishing email.
According to the same subreddit post, while most of the people on the email thread didn’t reply with the photo ID and several even asked for a cancellation, a few fell for the trick.
The phishing email sent to Essential customers read:
Our order review team requires additional verifying information to complete the processing of your recent order.
This verification is performed to protect against unauthorized use of your payment information and similar to what is conducted for in-person purchases.
Please provide an alternative email and phone number to confirm this purchase. We would like to request a picture of a photo ID (e.g. driver’s license, state ID, passport) clearly showing your photo, signature, and address.
NOTE: the address on the ID should match the billing address listed on your recent order.
We apologize for the inconvenience and appreciate your cooperation. Once verified, we look forward to shipping your order.
Essential Products Customer Care
Given that the company has confirmed that the email isn’t an official one, anyone who receives a similar email from ‘email@example.com’ (or, for the time being, any other ‘@essential.com’ email ID) should avoid even replying to it, as in all likelihood it’s a phishing scam.
Update: Andy Rubin has released an official note stating that the company made an error, apologizing for it and offering one year of LifeLock to the impacted customers.
“Yesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers. We have disabled the misconfigured account and have taken steps internally to add safeguards against this happening again in the future,” Andy Rubin wrote.
“It’s humiliating, it doesn’t taste good, and often, it’s a humbling experience. As Essential’s founder and CEO, I’m personally responsible for this error and will try my best to not repeat it.”