Sonos goofs again – this time revealing customers’ email addresses in Cc: blunder

Graham Cluley

Sonos hasn’t had the best start to 2020, and it just got a little bit worse.

Earlier this month it announced that from May it would no longer be pushing out software updates to some of its legacy speaker hardware and (to make things worse) that if you had a mixture of newer and older Sonos equipment inside your home, none of it would be receiving any updates!

There has since been a partial U-turn on that, with Sonos’s CEO saying that the firm was working on a way to allow customers to split their systems so that modern products could work together and get the latest features, while legacy products work together and remain in their current state without updates.

It’s been something of a communications crisis for Sonos, which it should really have thought through in advance. And one of the consequences has been that Sonos’s customer service team has been inundated with concerned emails from some (quite understandably) grumpy customers who have invested a lot of money in their speaker systems.

To handle the barrage of emails, Sonos’s European customer service department has been sending out a generic email as they try to work through the backlog.

The email begins:

Dear Customer,

Thank you for contacting Sonos. Your query is important to us.

We apologise for the delayed response. Since last week we received an unprecedented number of emails which means we are unable to get back to you within our normal service levels.

If you query is regarding our Life Cycle communication please see a blog…

So what’s wrong with that? Well, as BBC News reports, a customer service representative made the mistake of emailing it to 475 customers… by including all 475 email addresses in the Cc: field rather than the Bcc: field.

Customers, understandably, were not impressed to find that Sonos had shared their email address with everyone else on the list.

Sonos shared a statement with BBC News apologising for the error. Presumably they also sent it to other news outlets. Hopefully Bcc’ing them.

Pretty embarrassing for Sonos to be sure, but not quite as embarrassing as the time the Dutch data protection authority had to report itself to itself after suffering a similar data breach.

Problems like this can be avoided by having an email client warn that you have a ridiculously large number of people in the Cc: field and ask for confirmation that the email really should be sent.
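
One way to implement the warning described above, as an added example (not code from this article or from Sonos): a pre-send check that counts the distinct addresses exposed in To: and Cc: and holds the draft for confirmation above a limit. The limit of 20, the internal domain example.com and all function names are assumptions, and the sample draft is constructed.

```python
from email import message_from_string
from email.utils import getaddresses

MAX_VISIBLE = 20                      # assumed limit, tune per organisation
INTERNAL_DOMAINS = {"example.com"}    # assumed: the sender's own domain


def visible_recipients(msg):
    """Distinct addresses that every recipient can read (To: and Cc:)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    found = {addr.lower() for _name, addr in getaddresses(headers) if "@" in addr}
    return sorted(found)


def presend_check(raw_message, limit=MAX_VISIBLE, internal=INTERNAL_DOMAINS):
    """Decide whether a draft should be held for sender confirmation."""
    msg = message_from_string(raw_message)
    visible = visible_recipients(msg)
    # Only addresses outside the organisation count towards the limit.
    external = [a for a in visible if a.rsplit("@", 1)[1] not in internal]
    hold = len(external) > limit
    reason = ""
    if hold:
        reason = (f"{len(external)} external addresses are visible in To:/Cc:; "
                  "move them to Bcc: or confirm before sending")
    return {"hold": hold, "visible": len(visible),
            "external": len(external), "reason": reason}


def build_sample(n, field):
    """Constructed draft: n made-up customer addresses in the given header."""
    rcpts = ", ".join(f"customer{i}@customers.example" for i in range(n))
    return ("From: support@example.com\n"
            "To: support@example.com\n"
            f"{field}: {rcpts}\n"
            "Subject: Your query\n\n"
            "Dear Customer,\n")


if __name__ == "__main__":
    for field in ("Cc", "Bcc"):
        print(field, presend_check(build_sample(475, field)))
```

The same draft with the 475 addresses in Bcc: passes, because Bcc: addresses are not counted as visible.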
