Edison: Access to third-party mails allegedly no longer possible


The Edison email service apparently fixed a serious security vulnerability that allowed other users' emails to be viewed in the iOS app. The problem was completely eliminated and all email accounts secured again, the provider announced on Monday. The introduction of cross-device account management last Friday caused a "temporary error" in the iOS app and enabled unauthorized access to external inboxes.

The problem affected only some users of the iOS app – there are 6,480 users at Edison – but not the Mac and Android version of the email client. Access data or passwords were never compromised. Edison had withdrawn the iOS app update over the weekend after users reported the sudden glimpse into someone else's email account. Over the weekend, all potentially affected users were temporarily completely blocked from email access in the Edison app and only restored with an update published on Sunday.

According to the provider, all users affected by the error were contacted and, as a precaution, asked to change their email passwords. The problem was a bug and not an "external security problem", Edison emphasized.

Edison is financed through the evaluation of shopping, travel data and email marketing, for this purpose the corresponding purchase confirmations, invoices and advertising letters received from users are analyzed – Edison therefore depends on the user and the email used. Mail provider. One tries to temporarily store as little data as possible on one's own servers, writes Edison. Access data should only be stored locally on users' devices.


. (tagsToTranslate) email (t) Edison (t) iOS