Edison Mail Resolved Software Security Bug Which Allowed Two Users to Access Each Other’s Accounts — 6,480 Potentially Impacted

No account credentials were compromised; issue was fully resolved within 30 hours of first report.

Edison
May 18 · 2 min read

Key Takeaways:

  • A recent server-side update to a fraction of our iOS users introduced a security bug that allowed unauthorized email account access between two users. User A and User B could access each other’s accounts connected to Edison Mail for iOS; no other unauthorized access occurred.
  • Up to 6,480 Edison Mail iOS users were potentially impacted.
  • Android and Mac OS users were not impacted.
  • No passwords or credentials were exposed or compromised.
  • Edison Mail has since resolved the issue.
  • As an additional precaution, Edison has already notified impacted users and advised them to change their email account password. If you have not received an email, you were not impacted.

On Friday, May 15th, 2020, we made a server-side update to a feature that allows iOS users to manage accounts across their Apple devices. This update caused a technical malfunction that impacted approximately 6,480 Edison Mail iOS users. This temporary issue was a security bug and not related to any external security issues.

Data from these individuals’ impacted email accounts may have been exposed to one other user. Only one user could access another user’s accounts connected to Edison Mail for iOS. No passwords were compromised. On Saturday morning a patch was deployed to remove and prevent any further exposure. As a safety measure, the patch prevented all potentially impacted users from being able to access any mail from the Edison app.

A new version of the application was made available early Sunday morning in the App Store that restores full functionality for these 6,480 users. Other users were not impacted and no action is required.

We have notified all individual users who may have been impacted by this issue via email and, as an additional safety precaution, suggested that impacted users also change their email account password. If you did not receive an email on this issue, then your account was not impacted.

We thank the users who reached out quickly to notify us of this issue so we could address it as fast as possible. We understand that it is our responsibility to ensure this type of malfunction does not happen and apologize to those impacted users. We are putting in place additional functionality and processes to ensure that this never happens again.

Changing Communications

Creating more intelligent products to serve people at…

Edison

Written by

Edison

Edison Software is a consumer technology company with a mission to create more intelligent products to serve people. www.edison.tech
