Third-party email app Edison Mail was forced to roll back an update to its iOS version after it gave people access to the messages of strangers.
The update was supposed to allow Edison Mail users to sync their data across devices. However, shortly after its release, people started seeing messages from other accounts and other devices, The Verge reported.
A reader told The Verge that after applying the update, he saw more than 100 unread emails in the account of a stranger. He added that he gained access to the messages without being required to enter any credentials.
Twitter was also awash with reports of the strange behavior of Edison Mail.
@Edison_apps Guys, I see strangers' e-mail in my app after you added sync features. I can see their email, so they can probably see mine. Despite what your blog post says I CANNOT change my sync account and all I can do is block myself and them from ever using the app. Clusterf*.
— Thomas W (@trezzer) May 16, 2020
Hi @Edison_apps I just updated the email app and I can now see the email of two accounts that I’ve never heard of in my life. I think you have a huge security flaw. The three accounts starting with the name Chris are mine. The others aren’t. pic.twitter.com/1KURaAqaNh
— Audiophile Style (@audiophilestyle) May 16, 2020
@Edison_apps not my email. Not my device. How can this still be going one and how can you not communicate anything. Clearly someone with the device “Mandy’s iPhone) currently has full access to my email accounts. Please tell me the data deletion works at least?
— Petter Magnusson (@MagnussonP) May 16, 2020
Edison Mail eventually started replying to the reports on Twitter, claiming that the issue only affected “a small percent” of its users, and that it was reaching out to those who were affected.
We are urgently working to resolve this technical problem in Edison Mail. Yesterday a software update rolled out to a small percent of our users. We have reverted that now and are reaching out to users who have been impacted as fast as we can.
— Edison (@Edison_apps) May 16, 2020
The company behind Edison Mail claimed that it was a bug that caused people to see the emails from other accounts, and not a security breach. After rolling back the update, a fix to the issue is now in the works.
People who are using Edison Mail on their iOS devices might want to consider changing their passwords, not just for their email accounts but also for other services whose log-in credentials may be found within their messages. Access to others’ emails may have only been a momentary lapse on the end of Edison Mail, but that may be all that is needed for passwords to be compromised.
Edison Mail privacy concerns
Edison Mail is among the best email apps for organizing inboxes, as it comes with an assistant that automatically categorizes emails into sections such as Travel, Entertainment, and Packages.
However, Edison Mail was recently involved in a Motherboard report that found certain third-party email clients scraping users’ inboxes for profit. Edison Mail was said to be selling anonymized data and analytics that the app acquired from users’ accounts to corporations in the finance, travel, and e-commerce sectors.
In addition to Edison Mail, the report also mentioned CleanFox and Rakuten’s Slice as third-party email platforms that submit information to companies, which then process the information for marketing campaigns and future product development.