Edison Mail has rolled back a software update that apparently let some users of its iOS app see emails from strangers’ accounts.
Users of the popular email app Edison Mail have taken to the web to report the glitch that occurs after they applied the update. The update includes a new sync feature that reportedly allows connected email accounts to show up across all of a user’s devices, but clearly something has gone significantly wrong with the feature.
Other users have reported being able to see that other device are indeed linked to their accounts, “indicating that others are able to see their emails,” explains MacRumors.
Zach Knox was one of the first users that noticed the problem:
I just updated @Edisonapps Mail &, after enabling a new sync feature, an email account THAT IS NOT MINE showed up in the app, that I could seemingly access completely. This is a SIGNIFICANT security issue. Accessing another’s email w/o credentials! Never trusting this app again.
Another Edison Mail user also noticed the issue this morning, pointing out on Twitter that he can’t adjust his sync settings:
Guys, I see strangers’ e-mail in my app after you added sync features. I can see their email, so they can probably see mine. Despite what your blog post says I CANNOT change my sync account and all I can do is block myself and them from ever using the app.
Another user says that they can see that another iPhone has unauthorized access to their account:
Not my email. Not my device. How can this still be going one and how can you not communicate anything. Clearly someone with the device “Mandy’s iPhone currently has full access to my email accounts. Please tell me the data deletion works at least?
Edison Mail provided the following statement to 9to5Mac, explaining that the bug only affects iOS users.
10 hours ago a software update was rolled out to a small percentage of our iOS users. Some of these users who received the update are experiencing a flaw in the app impacting email accounts that was brought to our attention this morning. We have quickly rolled back the update. We are contacting the impacted Edison Mail users (limited to a subset of those users who have updated and opened the app in the last 10 hours) to notify them.
At this time this appears to be a bug and not a security breach.
Even so, it’s probably not a bad idea to change your password if you use Edison Mail — just to be on the safe side.