Issue #6644 invalid

Stranger added as administrator of our new team account

LachlanG
created an issue

I just created a new team account username of "arenabt". I did that as a previously unknown user without being logged into any existing BitBucket accounts.

As part of that registration process I added my personal account as a member "LachlanG". The "LachlanG" account was added successfully as an administrator. I added no other members.

However upon inspecting the list of members I saw that there were 2 members not 1. There was my account "LachlanG" and also another account "lachlang" who had also been added as an account administrator.

I've since messaged "lachlang" who it turns out is a real person who says they registered only recently via their github account.

I've removed "lachlang" from our list of members so there is no problem right away but it is troubling that a stranger received administrator access to our albeit empty team account.

Comments (4)

  1. Jesper Nøhr

    Lachlan,

    I've been trying to reproduce this, to no avail. Are you absolutely certain that at the time of creation, you didn't accidentally add "lachlang"? You should've already been added as an administrator without needing to do that action explicitly, so perhaps there was some confusion at this step.

    I'm just trying to gather enough information so I can reproduce and fix this, if it really is a bug.

  2. Log in to comment