CMF by Nothing is launching its first-ever smartphone today (July 8th) along with a TWS and a smartwatch. Naturally, the company is busy marketing its products, especially the CMF Phone 1. One of these marketing campaigns is the Student Referral Program, where participants can refer other students to climb up the leaderboard and earn a CMF Phone 1.
However, according to an X user, this program had several issues right from the start. Many users were unable to receive an OTP after entering their email addresses. User @PChillu77210 on X (formerly Twitter) was frustrated enough to use “response manipulation” and bypass the OTP verification. According to him, it was surprisingly easy to bypass the OTP verification on this program by CMF.
Once the OTP verification is done, the program asks you to enter your personal information, such as your name, address, and phone number. Once it has all the information that it needs, you can enter a referral code to earn a point (more on this later).
After a successful registration, @PChillu77210 noticed something fishy in the URL of the webpage: the website's API was appended to it. There, he found the database of several participants who had shared their personal information on the website as part of the referral program.
The personal information includes:
- Full name
- Email address
- Phone number
- State
- City
@PChillu77210 explained that anyone’s personal information can be searched using a referral code. They also stressed that this information is publicly accessible to anyone (the webpage has now been taken down).
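Both reported problems, an OTP check that could be bypassed from the client side and a lookup by referral code that returned personal data, come down to the server trusting the caller. The sketch below is an added example of the server-side checks that close both gaps; it is not CMF's or Nothing's code, and the class, method and field names are hypothetical.

```python
import hmac
import secrets


class ReferralService:
    """Constructed sketch; every name here is hypothetical."""

    def __init__(self):
        self.pending = {}   # email -> OTP the server is waiting for
        self.sessions = {}  # session token -> email that passed OTP
        self.profiles = {}  # referral code -> full participant record

    def request_otp(self, email):
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[email] = otp
        return otp  # a real service e-mails this; returned only for the demo

    def verify_otp(self, email, otp):
        expected = self.pending.pop(email, None)  # single use, pass or fail
        if expected is None or not hmac.compare_digest(
                expected.encode(), otp.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = email  # the "verified" flag lives server-side
        return token

    def register(self, token, name, phone, state, city):
        email = self.sessions.get(token)
        if email is None:  # an edited client response cannot create a session
            raise PermissionError("OTP not verified")
        code = secrets.token_hex(4)
        self.profiles[code] = {"name": name, "email": email, "phone": phone,
                               "state": state, "city": city, "points": 0}
        return code

    def lookup_referral(self, code):
        # Public endpoint: says whether a code exists, never who owns it.
        return {"valid": code in self.profiles}

    def my_profile(self, token, code):
        record = self.profiles.get(code)
        if record is None or self.sessions.get(token) != record["email"]:
            raise PermissionError("not the owner of this record")
        return dict(record)
```

Because the verified state is stored only in `sessions`, nothing the browser changes in a response can unlock `register`, and the full record is returned only to the session that owns it.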
Now, the CMF by Nothing Student Referral program is about getting as many users into the program as you can. Each referral will get you 2 points and help you climb the leaderboard. The top 50 users on the leaderboard (with the most points) will get a free CMF Phone 1.
It’s not the first time…
It’s not the first time we have had a privacy issue with Nothing or its sub-brand. In the past, there have been some serious privacy slip-ups with CMF and Nothing. Take the CMF Watch Pro, for example, where the watch would display someone else’s watch face photo on other users’ watches.
Or the Nothing Chats mess, where unencrypted messages left users’ private conversations exposed. And let’s not forget the Nothing Community data leak, which made several users’ emails publicly accessible.
Nothing’s response?
Nothing is yet to issue an official statement on this. At the time of writing, the webpage in question seems to have been taken down. If this is indeed true, we urge Nothing to step up and issue a sincere apology.
They need to fix this as soon as possible and ensure top-notch security measures are in place to prevent future breaches. And remember—being transparent and determined about user privacy is key to building trust and maintaining credibility.