Edison Mail rolls back update after iOS users reported they could see strangers’ emails

  News, Rassegna Stampa
image_pdfimage_print

Edison Mail has rolled back a software update that apparently let some users of its iOS app see emails from strangers’ accounts.

Several Edison users contacted The Verge to report seeing the glitch after they applied the update, which was meant to allow users to sync data across devices. Reader Matthew Grzybowski said after the update he had more than 100 unread messages from the UK-based email account of a stranger. He didn’t have to enter any credentials to see the emails, Grzybowski added.

Others on Twitter reported similar issues:

The company said it was a bug, not a security breach, and that the issue appeared limited to users of the iOS app.

“Ten hours ago a software update was rolled out to a small percentage of our user base. Some of these users who received the update are experiencing a flaw in the app impacting email accounts that was brought to our attention this morning,” the company said in an email to The Verge. “We have quickly rolled back the update. We are contacting the impacted Edison Mail users (limited to a subset of those users who have updated and opened the app in the last 10 hours) to notify them.”

Probably not a bad idea to change your password if you use Edison Mail just to be on the safe side.

https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug