Edison Mail Sync Bug Allowing Access to Other Users’ Email Accounts
The new sync feature was recently rolled out by Edison to allow connected email accounts to show up across all of your devices, but clearly something has gone significantly wrong with the feature.
I just updated @Edison_apps Mail &, after enabling a new sync feature, an email account THAT IS NOT MINE showed up in the app, that I could seemingly access completely.
This is a SIGNIFICANT security issue. Accessing another’s email w/o credentials! Never trusting this app again.
— Zach (@zmknox) May 16, 2020
@Edison_apps Guys, I see strangers’ e-mail in my app after you added sync features. I can see their email, so they can probably see mine. Despite what your blog post says I CANNOT change my sync account and all I can do is block myself and them from ever using the app. Clusterf*.
— Thomas W (@trezzer) May 16, 2020
Users have also reported being able to see that other devices are linked to their accounts, indicating that others are able to see their emails.
@Edison_apps not my email. Not my device. How can this still be going on and how can you not communicate anything. Clearly someone with the device “Mandy’s iPhone” currently has full access to my email accounts. Please tell me the data deletion works at least?
— Petter Magnusson (@MagnussonP) May 16, 2020
Edison has yet to reply to any of the tweets from users reporting the issue, but at this time it certainly seems advisable for Edison Mail users who have enabled the sync feature to delete their email accounts from the app.
While it’s unlikely that users would be able to directly see the passwords of others’ email accounts, affected users may still want to change the passwords on their email accounts for some added peace of mind until more details surface on exactly what the issue is.
(Thanks, Chris!)