Edison Mail Sync Bug Allowing Access to Other Users' Email Accounts [Updated]
Several users of popular email app Edison Mail this morning are reporting that they are able to see email accounts of other users within the iOS app. In what appears to be a major privacy breach, users report that after enabling a new sync feature, they have full access to these other email accounts.
The new sync feature was recently rolled out by Edison to allow connected email accounts to show up across all of your devices, but clearly something has gone significantly wrong with the feature.
I just updated @Edison_apps Mail &, after enabling a new sync feature, an email account THAT IS NOT MINE showed up in the app, that I could seemingly axcess completely.
This is a SIGNIFICANT security issue. Accessing another's email w/o credentials! Never trusting this app again. — Zach (@zmknox) May 16, 2020
@Edison_apps Guys, I see strangers' e-mail in my app after you added sync features. I can see their email, so they can probably see mine. Despite what your blog post says I CANNOT change my sync account and all I can do is block myself and them from ever using the app. Clusterf*. — Thomas W (@trezzer) May 16, 2020
Users have also reported being able to see that other devices are linked to their accounts, indicating that others are able to see their emails.
@Edison_apps not my email. Not my device. How can this still be going one and how can you not communicate anything. Clearly someone with the device “Mandy’s iPhone) currently has full access to my email accounts. Please tell me the data deletion works at least? — Petter Magnusson (@MagnussonP) May 16, 2020
Edison has yet to reply to any of the tweets from users reporting the issue, but at this time it certainly seems advisable for Edison Mail users who have enabled the sync feature to delete their email accounts from the app.
While it's unlikely that users would be able to directly see the passwords of others' email accounts, affected users may still want to change the passwords on their email accounts for some added peace of mind until more details on exactly what the issue is surface.
Update 8:35 a.m.: Edison has started replying to users on Twitter to say that the company is "urgently working to resolve this technical problem" and has reverted the change that introduced the problem for a "small percent of our users" yesterday.
We are urgently working to resolve this technical problem in Edison Mail. Yesterday a software update rolled out to a small percent of our users. We have reverted that now and are reaching out to users who have been impacted as fast as we can. — Edison (@Edison_apps) May 16, 2020