Edison Mail Resolved Software Security Bug Which Allowed Two Users to Access Each Other’s Accounts — 6,480 Potentially Impacted

No account credentials were compromised; issue was fully resolved within 30 hours of first report.

Edison
May 18, 2020

Key Takeaways:

  • A recent server-side update to a fraction of our iOS users introduced a security bug that allowed unauthorized email account access between two users. User A and User B could access each other’s accounts connected to Edison Mail for iOS; no other unauthorized access occurred.

On Friday, May 15th, 2020, we made a server-side update to a feature that allows iOS users to manage accounts across their Apple devices. This update caused a technical malfunction that impacted approximately 6,480 Edison Mail iOS users. This temporary issue was a security bug and not related to any external security issues.

Data from these individuals’ impacted email accounts may have been exposed to one other user. Only one user could access another user’s accounts connected to Edison Mail for iOS. No passwords were compromised. On Saturday morning a patch was deployed to remove and prevent any further exposure. As a safety measure, the patch prevented all potentially impacted users from being able to access any mail from the Edison app.

A new version of the application was made available early Sunday morning in the App Store that restores full functionality for these 6,480 users. Other users were not impacted and no action is required.

We have notified all individual users who may have been impacted by this issue via email and, as an additional safety precaution, suggested that impacted users also change their email account password. If you did not receive an email on this issue, then your account was not impacted.

We thank the users who reached out quickly to notify us of this issue so we could address it as fast as possible. We understand that it is our responsibility to ensure this type of malfunction does not happen and apologize to those impacted users. We are putting in place additional functionality and processes to ensure that this never happens again.

Changing Communications

Creating more intelligent products to serve people at…

Edison

Written by

Edison

Edison Software is a consumer technology company with a mission to create more intelligent products to serve people. www.edison.tech