Software bug (now resolved) could have allowed unauthorized account access

Hi folks, this is a Forum thread for discussing the bug we found and fixed today that could have allowed unauthorized access to accounts without email addresses: https://www.inaturalist.org/blog/48303-software-bug-now-resolved-could-have-allowed-unauthorized-account-access

I’ll try and answer as many questions as I can, but please check out the blog post and the included FAQs.

20 Likes

I don’t have anything substantial to say, but I want to thank you and the rest of the iNat team for all your hard work! You guys found this and fixed it within a day, which is more than I can say for a lot of websites. Thanks so much!

22 Likes

Was my account involved in the incident?

I’m not seeing any clear evidence of that, Myles. Your account has an email address associated with it, which means you would not have been the subject of this kind of access. I’m going to DM you with some follow-up questions, though.

1 Like