Edison Mail iOS bug gave strangers full access to others' emails

By Ewdison Then/May 17, 2020 8:33 pm EST

It's scary enough to learn that your email address may have been part of a recent hacking spree but it's probably short of horrific to find out that some random stranger, through no fault of their own, suddenly has full and unfettered access to your emails. That is, unfortunately, the experience that users of Edison Mail, which bills itself as the best email client for Apple's platforms, experienced even for a short while when the company rolled out a new syncing feature for its iOS app.

Edison Mail developers insist it was just a bug. They rolled out a new feature last Friday that allowed users to manage their mail accounts across all their Apple devices. Unfortunately, that bug randomly gave other people access to those email accounts, allowing them to do anything they want.

The uproar over the Internet was unsurprising, to say the least. It's one thing to hear of a hacker breaking into databases to pilfer data and another thing for some random Joe or Jane to suddenly have access to the same. In most cases would only be able to get email addresses and hashed/encrypted passwords. In this case, people are privy to all the emails that have been received and sent by the user, including, perhaps, emails with passwords and personal details.

@Edison_apps not my email. Not my device. How can this still be going one and how can you not communicate anything. Clearly someone with the device "Mandy's iPhone) currently has full access to my email accounts. Please tell me the data deletion works at least?

— Petter Magnusson (@MagnussonP) May 16, 2020

The good news, at least for some Edison Mail users, is that it only affected those using the iOS app. The company also says that it only affected a fraction of those users but later disclosed that number to be around 6,480 users. That's definitely not a small number, especially if you consider potential information coming from non-Edison users that could have been exposed.

Edison Mail reports that it has already fixed that bug and have contacted those affected users. They're asked to change their passwords immediately to be sure. That may work to prevent any hacking attempts arising from that fiasco but it may already be too late to put the cat back into the bag for information that may have already leaked.