Security

Update in “Edison Mail” for the iOS Gave Users Access to Other People’s Email

Written by Bill Toulas
Last updated September 25, 2021

An update that was pushed recently for the iOS app of the "Edison Mail" has somehow scrambled the access of users on their accounts, so some got to read other people's emails. The catastrophic update was rolled back as soon as the effects were noticed, but still, the damage privacy breach had been done. One could have very easily downloaded the emails of other users, get to know the secrets of strangers, possibly access their payment info or passwords, and take a look at their private communications.

The company said this was not the result of a security breach, but a bug that was introduced in the most recent update, and also added that there is only a small number (6,480) of iOS users who were affected by this flaw. As the company stated:

"Ten hours ago a software update was rolled out to a small percentage of our user base. Some of these users who received the update are experiencing a flaw in the app impacting email accounts that was brought to our attention this morning. We have quickly rolled back the update. We are contacting the impacted Edison Mail users (limited to a subset of those users who have updated and opened the app in the last 10 hours) to notify them."

While the 6,480 of iOS users does seem like a fraction of the Edison Mail's userbase, it's still a significant number of people who have been wholly and fundamentally compromised by this "malfunction". These people are now urged to log out and log in again, via an email that they got from Edison Mail. Of course, impacted users are also advised to reset their passwords on the app, as well as anywhere else they may be using the same credentials.

One technical detail that raises concerns over the entire Edison Mail community of users is that a client-side update has managed to somehow randomize account access routing in the system. The email account and the credentials that secure it should be protected inside a server that nobody could have gained access to. Additionally, the trust that users had in the app's testing and quality assurance has now been shaken. Surely, everyone has the right to blunder, but when it comes to accepting that a stranger has accessed your entire email account and credentials, this will be particularly hard to let go.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: