Thousands using the popular third-party email client, Edison Mail, accidentally gained full access to the email accounts of other users due to a software glitch.
The temporary issue, which occurred when iOS users enabled a new account syncing feature, was widely reported online following the release of an update last week.
This bug, which has now been resolved, inadvertently caused individuals’ inboxes to synchronise with other users’ accounts, leading to a significant violation of privacy.
Edison Mail allows users on hardware manufactured by Apple, including iPhones, iPads and Macs, as well as Android devices, to manage their email inboxes and synchronise them across their hardware. Edison Mail also boasts fast loading times, functionality to categorise messages, and claims to offer an ad-free experience.
An update rolled out on 15 May, however, caused a “technical malfunction” that allowed users to gain full access to inboxes belonging to others, in their entirety. This incident affected 6,480 Edison Mail iOS users, according to the company.
“A security bug was introduced for a small fraction of our iOS users,” the company said. “We have rolled that update back. All impacted users are being logged out and will need to re-login.
“We have resolved the recent security issue in Edison mail for iOS and secured all potentially impacted accounts. We apologize to all and are fixing our processes so this does not happen again.”
The company added that although data from these individuals’ email accounts was exposed to other users, no passwords were compromised. A subsequent patch was issued on 16 May to eliminate this undue exposure.
RELATED RESOURCE
Don’t just collect data, innovate with it.
Removing the barriers to the experience economy
This patch, as a precaution, prevented all potentially impacted users from being able to access any mail from the Edison app, effectively bricking their apps. This was before a new version of the application was made available on Sunday that restored full functionality for the thousands affected.
-
The IT industry’s shift to circular, low-carbon solutionsMaximize your hardware investment and reach your sustainability goals with HP’s Renew Solutions
-
Lenovo ThinkPad X9 14 Aura Edition reviewReviews This thin and light ultraportable will draw you in with its vibrant screen – but it isn't as powerful as some of its competitors
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
OpenAI to pay up to $20k in rewards through new bug bounty programNews The move follows a period of unrest over data security concerns
-
Windows 11 System Restore bug preventing users from accessing appsNews Microsoft has issued a series of workarounds for the issue which is affecting a range of apps including Office and Terminal
-
Windows 10 users encounter ‘blue screen of death’ after latest Patch Tuesday updateNews Microsoft said it is working on a fix for the issue and has offered users a temporary workaround
-
SpaceX bug bounty offers up to $25,000 per Starlink exploitNews The spacecraft manufacturer has offered white hats immunity to exploit a wide range of Starlink systems, with a dedicated report page
-
Microsoft announces lucrative new bug bounty awards for M365 products and servicesNews The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugs
-
Adobe forced to patch its own failed security updateNews Company issues new fix for e-commerce vulnerability after researchers bypass the original update
-
Google doubles bug bounty rewards for Linux, Kubernetes exploitsNews The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
