Exploit: Coding error
Edison Mail: Email application
Risk to Small Business: 2.171 = Severe
A coding error in Edison Mail’s popular iOS app allowed messages to be viewed by other users. The update was released on Friday, May 15th, and the company claims that it was repaired by the end of the weekend. However, for an app that touts its advanced security features, this oversight undermines one of its primary selling points. What’s more, three days is an eternity in the cybersecurity space, giving bad actors ample time to take advantage of this vulnerability. Users, incensed by the oversight, aggressively criticized the platform on social media, adding a PR component to an already-arduous recovery process.
Individual Risk: 2.602 = Moderate
The app’s flaw only applies to iOS users who downloaded the update on May 15th. Many victims noted that they could read up to 100 emails from accounts that didn’t belong to them, potentially compromising anything in those messages. Those impacted by the breach should carefully monitor their accounts for misuse, and they should consider enrolling in credit and identity monitoring programs to help secure their information if it falls into the wrong hands.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: After years of seemingly endless cybersecurity incidents, many consumers are finally fed up with companies that can’t protect their privacy. As many users commented on social media, this event undermined their trust in the application, which could prompt them to turn to a competitor for a more compelling platform. In this way, cybersecurity can be considered a bottom-line differentiator that can make or break companies in the digital economy.
Source:
https://threatpost.com/edison-mail-ios-bug-exposes-emails-to-strangers/155814