Today I accidentally opened the Mail App on my iPhone after many years, never used it but it is connected to my apple ID/ iCloud. When it opened I noticed it had around 40 emails started. Each one was a 'compose a new message' window and each one only had the 'to' email address filled in, nothing else.
This is an old iPhone 4s, running iOS 8 – not my main phone, keeping it for nostalgia more than anything.
This could have been several years of me accidentally tapping on peoples email addresses, and the app automatically opens this – and me never cancelling those, they just built up. However I don't recognise any of those email addresses and they were personal email addresses I don't recognise.
I've checked my iCloud account and the linked hotmail/outlook account from my laptop and it doesn't look like any emails were sent or received from the account, other than my own emails (which were only about 4 or 5 in total) – so no suspicious activities there.
So either a bunch of emails and the 'to' field was started and filled in and nothing else happened or the traces of sent emails were somehow deleted – which I don't know if that's possible.
Could this be a virus/malware? Is this a known issue/ bug?
EDIT: I've also check the iCloud/apple ID and when I sign in, I get a permission request on my mac and a code is displayed which I have to enter to log in – so if anyone had entered my account, I would have know from my mac. Right?
Best Answer
Tons of mails in a draft state is how things worked before IMAP and mail sync on iOS got better at handling this. Especially with gmail, this was a routine thing - dozens of drafts saved (littered) along the way.
I think you are fine if you know you have a secure password, aren’t seeing actual mails sent and can delete the mails. Extra bonus on the multi factor / alert, but older iOS devices might be grandfathered in as trusted, so perhaps change that in iCloud if you want a little extra resistance from this device without wiping it or signing out.
If you’re paranoid, erase all content and settings on the device, but just the presence of 40 to 100 drafts seems harmless in my experience. Without some other indicator you lost control of the device or the account credentials, I’d just keep it in mind and watch things.