Edison Mail Sync Bug Allowing Access to Other Users' Email Accounts [Updated]

[MacRumors]

Several users of popular email app Edison Mail this morning are reporting that they are able to see email accounts of other users within the iOS app. In what appears to be a major privacy breach, users report that after enabling a new sync feature, they have full access to these other email accounts.

The new sync feature was recently rolled out by Edison to allow connected email accounts to show up across all of your devices, but clearly something has gone significantly wrong with the feature.

https://twitter.com/x/status/1261645534445604865

https://twitter.com/x/status/1261572858502877184

Users have also reported being able to see that other devices are linked to their accounts, indicating that others are able to see their emails.

https://twitter.com/x/status/1261658006443491328

Edison has yet to reply to any of the tweets from users reporting the issue, but at this time it certainly seems advisable for Edison Mail users who have enabled the sync feature to delete their email accounts from the app.

While it's unlikely that users would be able to directly see the passwords of others' email accounts, affected users may still want to change the passwords on their email accounts for some added peace of mind until more details on exactly what the issue is surface.

Update 8:35 a.m.: Edison has started replying to users on Twitter to say that the company is "urgently working to resolve this technical problem" and has reverted the change that introduced the problem for a "small percent of our users" yesterday.

https://twitter.com/x/status/1261681576456237056

(Thanks, Chris!)

Article Link: Edison Mail Sync Bug Allowing Access to Other Users' Email Accounts [Updated]

 

[Zoboomafoo]

Well, this isn’t great news. :/

 

[lolrepeatlol]

This is the nail in the coffin for Edison.

 

[TiggrToo]

Well, this isn’t great news. :/

Well, that's probably going to spell the death of Edison email. Not immediately, of course, but once the lawyers have got involved then...

 

[MacGizmo]

Keep using these 3rd party email clients cause they look cool or offer a feature here or there that Apple's built-in app doesn't have!

 

[frou]

 

[HiVolt]

And that's why I stay away from services that sync passwords, bookmarks, other stuff between devices, especially stuff from indie developers where who the hell knows data is being managed.

I guess one exception is iCloud.

 

[Hastings101]

Keep using these 3rd party email clients cause they look cool or offer a feature here or there that Apple's built-in app doesn't have!

This is why I would never use a client that isn't from one of the big three (Apple/Microsoft/Google). Not worth little surprises like this.

 

[Expos of 1969]

This is why I would never use a client that isn't from one of the big three (Apple/Microsoft/Google). Not worth little surprises like this.

What is your view on Protonmail?

 

[jezbd1997]

So glad I ditched this app years ago after I heard they can see and sell your data. Have no idea why anyone would still be using it... they will end up with an even bigger drop of users after this mess

 

[Blue Hawk]

This is why I would never use a client that isn't from one of the big three (Apple/Microsoft/Google). Not worth little surprises like this.

My experiences:

Apple Mail = sometimes no notifications or new emails are not showing up

Outlook = iCloud Mail only works for a few days

Gmail = It’s great but sometimes not getting notifications either

Outlook is my favorite, but as long they don’t fix the problem I cannot use it. And Edison is the only one which works.

 

[jcshas]

Keep using these 3rd party email clients cause they look cool or offer a feature here or there that Apple's built-in app doesn't have!

Agree. This is exactly why I never install 3rd party mail apps.

 

[TrulsZK]

This is definitely not good, That is exactly why you always use end-to-end encryption and transport the encryption key separately from the data itself.

And in the terms of password confirm the password on each device and do not transfer it in any way over the internet, without a second layer of encryption with a key the program does not know.

 

[Brodlum]

If macOS' Mail.app didn't decide to open itself every 15 minutes then I'd be a lot happier using it... But for now, back to Mac Mail it is; just removed all accounts from Edison 🙃

 

[I7guy]

How could a bug like this slipped through testing?

 

[TiggrToo]

And Edison is the only one which works.

Works so well that other people see your email as well. It's not a bug, it's a "feature"... 🤦‍♀️

 

[Blue Hawk]

Works so well that other people see your email as well. It's not a bug, it's a "feature"... 🤦‍♀️

In my eyes it’s a security issue like the ones in the Apple Mail. It’s not easy no chose the right one.

 

[Apple_Robert]

In my eyes it’s a security issue like the ones in the Apple Mail. It’s not easy no chose the right one.

Are you going to keep using Edison, even though a lot of strangers may be reading your emails right now?

 

[dogslobber]

Agree. This is exactly why I never install 3rd party mail apps.

Except Thunderbird.

 

[Apple_Robert]

Keep using these 3rd party email clients cause they look cool or offer a feature here or there that Apple's built-in app doesn't have!

Valid point. To be fair, Apple could experience some kind of user security breach with the Amazon servers or from buggy software exploit or failure.

 

[ikramerica]

If macOS' Mail.app didn't decide to open itself every 15 minutes then I'd be a lot happier using it... But for now, back to Mac Mail it is; just removed all accounts from Edison 🙃

My mail.app quits every 15 minutes so I guess it evens out?

 

[agmmac]

Keep using these 3rd party email clients cause they look cool or offer a feature here or there that Apple's built-in app doesn't have!

Apple Mail has always worked well enough for me on Mac and iOS, although I miss Eudora a bit.

 

[calderone]

From the website.

Privacy First. Always.
Your mail is encrypted during transport, and securely delivered to your phone. Plus, take advantage of the added security of Face ID and Touch ID.

At least your mail was securely transported to the other persons device!

 

[mimeArtist]

I only installed it last week, have now revoked access in google accounts and deleted the app - Does anyone know if the sync is set up by default or is it something I would have had to enable - Don‘t really want to reinstall to find out!
[automerge]1589643183[/automerge]
Hmm... looks like it does it automatically — https://mailsupport.edison.tech/hc/en-us/articles/360043058932-Preference-Backup-and-Device-Sync

 

[Blue Hawk]

Are you going to keep using Edison, even though a lot of strangers may be reading your emails right now?

Absolutely not. Deleted my data there. Switched back to Outlook. And I still have Apple Mail to see if i get every iCloud Mail notification.