If you've received an email from Essential asking for additional information, do not reply to it.
Update 2: Essential CEO Andy Rubin has confirmed that yesterday's slip-up was due to a misconfiguration with one of the customer care emails. The company has disabled that particular account, and is adding in safeguards to prevent a similar occurrence in the future:
Yesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers. We have disabled the misconfigured account and have taken steps internally to add safeguards against this happening again in the future. We sincerely apologize for our error and will be offering the impacted customers one year of LifeLock. We will also continue to invest more in our infrastructure and customer care, which will only be more important as we grow.
Being a founder in an intensely competitive business means you occasionally have to eat crow. It's humiliating, it doesn't taste good, and often, it's a humbling experience. As Essential's founder and CEO, I'm personally responsible for this error and will try my best to not repeat it.
I remain heartened and motivated by the groundswell of support that Essential has experienced since unveiling the company on May 30th. We continue to believe deeply in our vision and the innovation we are bringing to life via our Home, Phone and 360 Camera products. I humbly thank our customers and channel partners for your patience and understanding as we proceed with the launch of our first products.
Update: It appears that Essential had a misconfiguration of their customer support software (Zendesk in this case) that caused emails to be blind copied (BCC:) to everyone on a customer mailing list who needed to provide more information. Other reports of fraudulent charges and a compromised customer database are as of yet unconfirmed.
The Essential Phone is finally going out to customers after lengthy delays, but the company isn't done with its share of controversy yet. An email that's going out to customers from an Essential support account (customercare@essential.com) is soliciting additional information in the form of a photo ID to process shipments. While the address itself is legitimate, it looks like the company's customers have been targeted by a phishing attack.
Judging by the responses to the Reddit thread, the hacker found a way into the company's mailserver. Here's the email in its entirety:
Hi,
Our order review team requires additional verifying information to complete the processing of your recent order.
This verification is performed to protect against unauthorized use of your payment information and similar to what is conducted for in-person purchases.
Please provide an alternative email and phone number to confirm this purchase..
We would like to request a picture of a photo ID (e.g. driver's license, state ID, passport) clearly showing your photo, signature, and address. NOTE: the address on the ID should match the billing address listed on your recent order.
We apologize for the inconvenience and appreciate your cooperation. Once verified, we look forward to shipping your order.
Thanks!
Essential Products Customer Care
For its part, Essential has mentioned that it has taken steps to "mitigate the issue:"
We're aware of & looking into a recent e-mail received by some customers. We've taken steps to mitigate & will update with more info soon.
— Essential (@essential) August 30, 2017
Did you receive an email from Essential requesting verifying information?
Reader comments
Essential 'phishing attack' was just sloppy email practice [Andy Rubin responds]
My 360 camera is on it's way.
The new camera app has done wonders.
Here is a temporary fix for the camera, it is the software which seems to be the issue after all.
https://www.xda-developers.com/google-camera-updated-zero-shutter-lag-xi...
My PH-1 was scheduled for delivery for Friday, was delivered today.
Does anywhere in the box or phone indicate "PH-1" or "A11"? Or are both present?
Under phone settings, about phone, it says model number PH-1. On the box in the back sticker with the information about the phone, at the bottom right hand corner it says model A11. The A11 is the FCC ID.
Thanks! So much for Andrew Martonik's assertion that PH-1 was akin to N950U rather than Note 8.
You are welcome. But the way, why did you want to know in the first place.
See edit.
please please let the drama be over. People will get over it if the phones land in their hands soon. It is the 31st of August today and based on essentials last word on shipping people should hopefully be getting their phones now. I really hope so I'm looking forward to seeing this phone in the wild. For me it is the build materials. Ceramic and titanium. The camera being and unknown would be a problem for me because I do value the trend of phone instead of my fat full frameDSLR cameras that I happily leave at home when i am not taking photos for work because of the quality I can get with my phone and vacations. 4 point and shoot people take this for granted now. I am not a pure Android person because because I like the value that Samsung offers since I do not need to install anything beyond my Netflix instagram etc I also don't care so much about updates as most people seem to who are using stripped down software waiting and applauding updates or features i already have. I find ample power in phones these days from most manufacturers but the price point was wrong for me. I did not order the Essential phone but I do not wish it Ill Will.
In good news, if you are affected, you might get the PH-1 for free
Welp, it’s not a phishing attack.
It was a legitimate email.
That’s even more of a colossal screwup.
https://www.essential.com/blog/an-acquired-taste
But hey it wasn't amateurs at Essential fault though. Asking for confidential information in emails? But hey it's the 70 IQ idiots fault. Nothing this company does is wrong. Crap a **** and it's the all one needs for a phone. They don't have to state anything.
Blind loyalty.
Exactly, you must have an IQ of 70 to give anyone that information via email. I don't care who ask for it, unless you are on a government website, even then no one asks for your passport information. Because some idiot in essential asked for it, does not mean you have to furnish them this type of information.
Oh wow, hey cybertec, they've accepted responsibility and are trying to make it you to customers. I guess you can shift the narrative now to how amazing they are for offering life lock.
Ha!
What does this have anything to do with what I posted. NOTHING.
True. You keep posting things about some Bangladesh something or other. Way off base.
Just a hint....trolls stop trolling when you don't reply or mention them. They just want attention.
Does the Essential phone have NFC capability?
Yes
Thanks for the info.
Here you go, full spec list for the phone.
Model Name
Essential PH-1
Materials
Titanium body
Ceramic back
Corning Gorilla Glass 5 cover glass
Dimensions
Height: 141.5mm
Width: 71.1mm
Thickness: 7.8mm
Weight: < 185 grams
Display
Resolution: 2560 x 1312 QHD
Aspect Ratio: 19:10
Diagonal Size: 5.71” with radiused corners
Brightness: 500 nits (typical)
Contrast Ratio: > 1:1000 (typical)
Technology: CGS / LTPS
Human Input + Sensors
10 finger multitouch; palm and water-error rejection
Fingerprint reader: fastest available technology
Proximity / Ambient light sensor
Volume buttons, Power button
Environmental pressure sensor (barometer)
Accelerometer, Magnetometer and Gyroscope
Audio
Microphone: 4x microphones with noise cancellation and beam forming
Low Audio (earpiece)
High Audio: (loudspeaker)
Rear Camera
13MP Dual RGB + Mono camera with image fusion technology
13MP True Monochrome mode
f/1.85 lens
Hybrid Auto Focus combing Contrast, Phase Detect and IR Laser Assist Focus
Video at 4K 30fps, 1080p 60fps or 720p 120fps
Front Camera
8MP resolution with 16:9 aspect ratio
f/2.20 fixed hyperfocal lens
Video at 4K 30fps, 1080p 60fps or 720p 120fps
Battery
3040mAh.
Fast charging via USB
Memory & Storage
RAM: 4GB
Storage: 128GB UFS 2.1
Connectivity
Bluetooth: 5.0 LE
WiFi: 802.11a/b/g/n/ac with MIMO
NFC: yes
Positioning: GPS and GLONASS
Network / Bands
UMTS/HSPA+: 1, 2, 4, 5 6, 8
GSM: 850, 900, 1800, 1900 MHz
CDMA EV-DO Rev. A: 0, 1, 10
FDD-LTE: 1, 2, 3, 4, 5, 7, 8, 11, 12, 13, 17, 20, 21, 25, 26, 28, 29, 30, 66
TDD-LTE: 38, 39, 40, 41, 42, 43
TD-SCDMA: 34, 39
System Architecture / OS
Android
Qualcomm® Snapdragon™ 835
CPU: Kryo 280 Octa-core (2.45GHz Quad + 1.9GHz Quad), 64 bit, 10nm processor
GPU: Adreno 540, 710MHz, 64bit
Ports
USB Type-C
60GHz, 6 Gbps Wireless Accessory Connector
2x accessory power pins
NanoSIM tray with pin eject
Awesome 👍
Thanks again.
What am I missing, "BCC" is good/correct right?
The received email doesn't contain hidden or otherwise the list of email addresses?
I'm glad I learned never purchase a first ever product especially one that costs 700.00 bananas! Good luck with that! The essential is not so essential missing all of the premium features! Yikes!
Thank you. It has ALL the features that I need.
Notably, vapor.
Let us know how that vibrator feature works for you...
Must be a secret feature, thanks for the heads up.
Enjoy that terrible camera, lack of IPXX rating, and awful way the company presents itself.
The real story is they are not shipping the phones. I, like so many others, was charged a week ago and have heard nothing. They do not respond to emails and do not return phone calls. So I just disputed the charges with Capital One. I am done waiting.
My phone is on it's way, will be here Friday, they are not shipping to people who waited till the last minute, this is not a mass produced phone.
I emailed them twice and both times got a response in less than 24 hours.
Rubin, that you?
Yes it is, you got me.
This company is a rolling tire fire. Prudent advice would be to stay as far away from this company and it's products as possible:
In colossal screw up, Essential shared customers’ driver’s licenses over email
There’s a difference between scrappy and sloppy
https://www.theverge.com/2017/8/30/16226028/essential-customer-email-dri...
"We spoke with one of the customers who received the email, Professor Ron Schnell, who also happens to know quite a lot about digital forensics (he served as the CTO on Rand Paul’s presidential campaign).
Schnell’s analysis of the email headers is that these emails really did go back to Essential, not to a random scammer. Here’s how he characterized it on Reddit:
It is not a Phishing scam. It is a misconfiguration. The DKIDs check-out, and the replies are actually going to Essential (and then many other people). I've accumulated quite a collection of D/Ls, Passports, credit card statements, phone numbers, and e-mail addresses. This is unbelievable.
What appears to have happened is that Essential had a list of customers it needed to verify to prevent fraud, so it sent them an email requesting more information. But that email address was set up as a group email, which meant that replies sent to it went to everybody on that email list. It was a misconfigured customer support address on Zendesk, a customer service portal..."
And to think people are blindly accepting this company's clusterf*ck
Essential did not share anyones personal information, especially someone's drivers license, it's the IDIOTS who fell for the phishing email, last I heard not essential or any other company that sells a product asks for your drivers license, the Verge and all the rest of these tech sites need to get their **** together, but it sure gets lots of clicks.
I’ll ask this.
What if it turns out to be a critical mistake? Or a disgruntled employee?
Call me a hater or an idiot, but I’m looking at multiple sides of the same story. If it does in fact connect to the actual Essential support email and Essential shut them down, something is amiss.
Is essential going to be the next Theranos? Theranos was a company founded by a Stanford drop out that claimed she had a device that could do the typical lab analysis of blood at the fraction of the cost of conventional technology. Got a 9 billion dollar valuation, except nobody could figure out how the device worked. So why did they get such a high valuation? A lot of Silicon valley types bought the hype, but when push came to shove they couldn't validate the technology. When the house of cards fell, everything fell apart for that company. Now, Andy Rubin is not Elizabeth Holmes, as he has actually made successful products in the past. But...a 1 billion dollar valuation before the company shipped any phones just shows you how pointless a valuation is.
Essential already screwed up with confusion over the initial ship of their phone. Curious to see if this email debacle will effectively kill the name before it even gets going.
I am fascinated by the initial reviews that note the hardware quality, but how poor the overall software is. I would have thought the software would be the easy part to nail, not titanium and ceramic in a phone. Or taking, cancelling, and shipping orders.
I have maintained for a while now that just one look at the company and its team (ignore Rubin, who exists primarily as the fund-raiser for capital) it screams startup that is about to take the money and shut itself down. Grandiose product plans (with cool renders!) with a lame team is just one indication that there's no substance here. It's the old Dot-Com Bubble play -- get a figurehead that is impressive to get investors to fork out cash, make a half-hearted attempt at a product. Pay yourself tons of $$$ and announce the company is shutting down.
Everything they've done so far seems to indicate this. I was "so close" to pulling the trigger on their phone.
I also wonder why Affirm discontinued its partnership with Essential. They are no longer an option for financing a phone.
The haters are all out in FULL FORCE, LMAO.
Hater is often the word a fanboy uses to describe those with objective viewpoints.
Just stop.
He can post whatever he likes. Only thing is that we don’t have to agree
Mind your own business. Go play Forza
Just kidding
Or Payday. Or the aging Team Fortress. :P
I’m more in-depth than you think. :)
I think you have haters confused with realists
So to you, "haters" = "those you don't agree with".
🙄
I don't know why anyone even bothers with this company at this point. What a cluster@#$%.
It's because of the name attached to it, who still hasn't come public to address the issue.
What issue are you talking about exactly, the one that spread like wildfire do to someone possessing an IQ level less than 70.
Most people who have an IQ less than 70 knows to put a ? at the end of asking a question.
Yeah, think it's just that some people are crushin' on Rubin...
The phone itself is quite nice, but the single piece of Essential software it time is apparently terrible, and they've made it quite clear that they can't operate a business.
This must be a millennial issue, did any of you read that email, anyone who fell for that bogus email needs to get out of their parents basement. I would not be shocked if some of these people even took selfies and send it along with their home address, passport information, drivers license, and credit card information.
Dude, give it up.
He has a shrine of Andy Rubin in his basement.. leave him alone he's a essential super fan.
Dude, just stop.
You’re not making things any better and you’re ridiculing Essential at this point.
Sorry for being “that guy”, but what’s done is done.
Speaking as a "millennial", we don't even use email. How out of touch are you?
I'm surprised you think we can even afford this, I'd expect you to think we spend all our disposable income on avocado toast.
Lol. That was truly funny. Also, cybertec, stop blaming the victim. Not cool.
They are a victim of their own stupidity.
If that ain't the pot calling the kettle black...
Oh boy, here we go.
Honestly, if this company wasn’t the brainchild of Andy Rubin, we’d probably just shun it already.
I think because it's from him it's even more of a fail. How can he leave out the essentials and sell a mid ranger at a flagship price. Being the father of Android you think he would have set the bar. But he didn't even try at all.
Absolutely this. And they definitely wouldn't have the blind investments poured into this company.
Don’t get me wrong, I like the phone itself, but this whole launch was a mess.
Delayed until the Q3 phone launches with no communication until later, delays in shipping with very little communication and now this.
If you read the thread about the Essential shipping details, when people asked to cancel their order, they got no reply in return.
Trust me I'm very aware about the shipping and cancel. I was one that heatedly voiced my opinions. I'm was extremely pissed when they would cancel my order the same day I placed it. Then the emails took days to respond the phone support was vacant. And now this. I wish I just listened to myself and passed on this phone but was too intrigued on the screen.
Correction *wouldn't cancel.
I'm sorta inclined to think this is not a phishing issue. Essential's official response, "We're aware of & looking into a recent e-mail received by some customers. We've taken steps to mitigate & will update with more info soon."
If this were a phishing issue, they would have instructed anyone who received the email to not respond to it. They made no such indication. They simply said they're looking into it. There's nothing to stop anyone who may have received the email (especially those who were included in a bunch of cc:) from responding with their info.
If it is a phishing email, it would be greatly irresponsible not to instruct their customers, immediately, to not respond.
This sounds more like they screwed something up.
Here is a question.
How many people that got that email were gmail subscribers and created their account with a Google+?
How many people registered an email that was not tied to a social media account got the email?
I have my own domain and can create email on the fly.
My email address for Essential was essential.phone@"mydomain".com.
I never received any emails that weren't order related.
I did not get the phishing email.
Essential is a huge flop..
You should all thank Google and Facebook for furnishing all your information to anyone with a pulse, those advertising dollars are essential, who cares about your privacy, privacy be damned.
That's not how those companies operate, they're advertising middle men. They don't sell your private data, because it's their most valuable asset.
Who would want the headache attached to being an Essential loyalist?
Honestly, I have mixed feelings on the Essential phone, I wish them luck, but I will not be an early adopter. Good luck to those who do get their phone. Only thing which does worry me, is usual Phishing scheme's the email address is similar but not the same as the legit entity. If it was essential.net, or a letter left out or different that maybe overlooked, that's one thing. But this was coming from their corporate email address's. Either a hack, or an inside job.
Exactly. And typical phishing emails don't cause a company to shut down its site
so people are just sending out random phishing emails to the whole internet. or they were able to get a list of essential customers? how did they know who to target?
I put in a pre-order but have ignored every email from essential since--given lack of headphone jack and the expense of the phone..
I placed my order with essential for the phone and the 360 camera, no issues here, I was never asked for my passport, social security number, drivers license or photo ID, LMAO.
Maybe if you learned to read, you would had understand they targeted people who's phone had not shipped.
They hacked into their systems and are sending emails from a legitimate email address created customercare@essential.com. Normally their actual address for Essential was support@essential.com. This is not some run of the mil phishing done with a fake email address. This came from inside the company's system. They then were sending emails out to people but were BCC everyone so people were responding because it had their detail information for shipment. It also appears from some people is they were able to get CC card from people who were placing orders with Essential on their site and then collecting the CC info and making fraud charges.
This is more than people who were phishing. Their entire site was compromised and that's why it's currently shut down.
https://twitter.com/Bogorad/status/902706162092597248
No ****, that's what these fishing fraudsters do, did you read my previous post regarding the credit card fraudsters "same people, that's their job, that's what they do all day long", they send the email to the same email address connected to your credit card account, they do this before the company has any clue what is going on, they know they will not get everyone to bite, but the ones that do, learn their lessons. Someone in Bangladesh is having a good day.
Honestly, I'm trying not to read anything you post anymore.
Why, because they make sense.
No it's because your blind loyalty to this company is completely ridiculous. Last post to you brother. Stay blessed.
You are confused, this is not essentials fault, this crap happens all the time, every day to thousands of companies, read my post above, it's the idiots who furnished that information to the fraudsters somewhere in Bangladesh that need to get out of their parents basement and get in touch with the real world, too much Facecrap has fried their brains.
Think aitt just proved his point
Unless you read the complete mail header, you don't know where an email comes from. You need to look at all the mail relay information in the header.
I have my own domain. For a period of time my email got blocked on servers everywhere.
Why, someone was spoofing my domain and it looked like I was sending spam. If I control a server I can relay mail and spoof a header. I don't know where the email came from, but I can forge email all day long and unless you inspect the header, you will not know where it came from.
"We spoke with one of the customers who received the email, Professor Ron Schnell, who also happens to know quite a lot about digital forensics (he served as the CTO on Rand Paul’s presidential campaign).
Schnell’s analysis of the email headers is that these emails really did go back to Essential, not to a random scammer. Here’s how he characterized it on Reddit:
It is not a Phishing scam. It is a misconfiguration. The DKIDs check-out, and the replies are actually going to Essential (and then many other people). I've accumulated quite a collection of D/Ls, Passports, credit card statements, phone numbers, and e-mail addresses. This is unbelievable.
What appears to have happened is that Essential had a list of customers it needed to verify to prevent fraud, so it sent them an email requesting more information. But that email
address was set up as a group email, which meant that replies sent to it went to everybody on that email list. It was a misconfigured customer support address on Zendesk, a customer service portal..."
This isn’t just some random person making a blatantly obvious phishing email.
This seemed to come internally.
Of course, the fact that one needed a photo ID should be a red flag, but this is still concerning.
There’s no need to come to defend the company. This is the last thing Essential needs.
I agree, defecation like this happen's to all corporations. One might have a valid complaint over delay's in shipping, but not this.
Hate to say it dude, but aitt is right... This isn't necessarily Essentials fault, but you have compromised your credibility through a lack of any objectivity...
And it certainly doesn't help to blame the victims of the crime... Just makes you look like a bit of a git really...
These fraudsters do this all the time, I have received numerous emails disguised as my credit card company, these fraudsters also send out texts dusguised as your credit card company, anyone who read that email and furnished the information that it was asking you to furnish needs to get out of their parents basement.
The essential should hopefully be in your hands or at least a few customers hands today whoever preordered the phone as the 31st of August is on trackers.
The worse thing about this all is Essential has done nothing to address the issue formerly. Have to rely on the internet and reddit just to get information. Just shut the site down and only tell people "they are looking into it". The damage has been done. This is the worse bunch of amateurs I have seen run a company. They can't even secure their customer's data.
And why exactly would essential have that type of information, they would not, only if the fool replied to that bogus email and submitted such information, which no company asks for.
Essential does not have my credit card information, does not have my social security information, does not have my passport or driver's license information. No company asks for such things for any type of transaction, it's the idiots who furnished that information to the fraudsters somewhere in Bangladesh.
It never ends with this company.
Agreed. But the other issues with this launch..unacceptable.
LOL I love how you will defend this company no matter what, I hope they are paying you otherwise it is pathetic.
Holy shitski
https://twitter.com/SnazzyQ/status/902775454259609600
Twitter and FB have been blowing up with people reporting fraudulent CC transaction. Their site is now currently down. I wish I never dealt with this company.
Luckily, I used Affirm so my personal data and not financial has been compromised. What a complete clusterf*ck of a company to deal with.
This. All they have done is ignored customer complaints and lied through the launch. I also went through Affirm and am one of the fortunate ones to actually get a tracking number on a phone.
Hell I don't even know when I can return the phone now considering this crap. Let alone be able to actually return it with no issues.
Refuse delivery and do a chargeback on the card.
I went through Affirm so I would still have to wait for them to get a cancel refund from Essential. And as screwed up as Customer Service was, I wouldn't dare refuse the package and have it shipped back to China and then something goes wrong. The phone will be here tomorrow. Hopefully by the grace of God, I can at least reach them through phone, which I never do, to get a return fed ex. If their site is not back up by then, most likely I won't.
So now when you call their support line, it says please request a call back. WTF. Sigh.