Edison Mail flaw granted users access to other people's inboxes

The third-party email client has rolled back a faulty update after major privacy concerns were raised

Email symbols with padlock against dark background

Thousands using the popular third-party email client, Edison Mail, accidentally gained full access to the email accounts of other users due to a software glitch.

The temporary issue, which occurred when iOS users enabled a new account syncing feature, was widely reported online following the release of an update last week. 

This bug, which has now been resolved, inadvertently caused individuals’ inboxes to synchronise with other users’ accounts, leading to a significant violation of privacy.

Edison Mail allows users on hardware manufactured by Apple, including iPhones, iPads and Macs, as well as Android devices, to manage their email inboxes and synchronise them across their hardware. Edison Mail also boasts fast loading times, functionality to categorise messages, and claims to offer an ad-free experience. 

An update rolled out on 15 May, however, caused a “technical malfunction” that allowed users to gain full access to inboxes belonging to others, in their entirety. This incident affected 6,480 Edison Mail iOS users, according to the company.

“A security bug was introduced for a small fraction of our iOS users,” the company said. “We have rolled that update back. All impacted users are being logged out and will need to re-login.

“We have resolved the recent security issue in Edison mail for iOS and secured all potentially impacted accounts. We apologize to all and are fixing our processes so this does not happen again.”

The company added that although data from these individuals’ email accounts was exposed to other users, no passwords were compromised. A subsequent patch was issued on 16 May to eliminate this undue exposure.

Related Resource

Don’t just collect data, innovate with it.

Removing the barriers to the experience economy

Download now

This patch, as a precaution, prevented all potentially impacted users from being able to access any mail from the Edison app, effectively bricking their apps. This was before a new version of the application was made available on Sunday that restored full functionality for the thousands affected.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Most Popular

Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021