Details
-
Bug
-
Resolution: Invalid
-
Medium
Description
I just created a new team account username of "arenabt". I did that as a previously unknown user without being logged into any existing BitBucket accounts.
As part of that registration process I added my personal account as a member "LachlanG". The "LachlanG" account was added successfully as an administrator. I added no other members.
However upon inspecting the list of members I saw that there were 2 members not 1. There was my account "LachlanG" and also another account "lachlang" who had also been added as an account administrator.
I've since messaged "lachlang" who it turns out is a real person who says they registered only recently via their github account.
I've removed "lachlang" from our list of members so there is no problem right away but it is troubling that a stranger received administrator access to our albeit empty team account.