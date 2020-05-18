Some Edison Mail users discovered over the weekend that they could access emails from strangers within the app.

The company explained that a software bug was responsible for unauthorized access, not a security breach.

Edison Mail fixed the problem and caused 6,480 affected users to reset their passwords.

Edison Mail explained to 9to5Mac What happened.

10 hours ago, a software update was implemented for a small percentage of our iOS users. Some of these users who received the update are experiencing an app crash affecting email accounts that caught our eye this morning. We have quickly rolled back the update. We are reaching out to affected Edison Mail users (limited to a subset of those users who have updated and opened the application in the last 10 hours) to notify them. At this point this appears to be a bug and not a security breach.

Then the company addressed the issue in a blog post. Edison Mail emphasized the fact that account credentials were not compromised in the process and the issue was fully resolved within 30 hours of the first report "by,quot; blocking "access to application users Edison potentially impacted iOS and any app emails. "

The company explained that the bug only affected "6,480 potentially affected Edison Mail iOS users,quot; after a software update. All clients have been notified to reset their passwords.

I just updated @Edison_apps Mail, and after enabling a new sync feature, an email account that is NOT MINE appeared in the app, which you could apparently delete entirely.

This is a SIGNIFICANT security issue. Access someone else's email without credentials! I will never trust this app again. – Zach (@zmknox) May 16, 2020 %MINIFYHTML01fd79b772dcbfdaf453a373b244446617%

A new version of the app was available Sunday morning, the company notes. The app restored full functionality for the 6,480.

Hello @Edison_apps I just updated the email app and now I can see the email from two accounts that I have never heard of in my life. I think you have a major security flaw. The three accounts that start with the name Chris are mine. The others are not. pic.twitter.com/1KURaAqaNh – Audiophile style (@audiophilestyle) May 16, 2020

The company made it clear that the fault was with a software update, without explaining what went wrong:

On Friday, May 15, 2020, a software update allowed users to manage accounts on their Apple devices. This update caused a technical malfunction that affected approximately 6,480 Edison Mail iOS users. The problem only affected a fraction of the users of our iOS application (and no Android or Mac user was affected). This temporary issue was an error and is not related to any external security issues.

Edison may have acted quickly to fix the problem, but this does not change the fact that strangers were able to access other people's emails for a short period of time. It is great news that Edison Mail was not hacked, but it is still a huge privacy violation, and something that should never happen within an email client, or any application that is supposed to protect sensitive data.

