Players arbitrarily get full developer access to our game and have access to server scripts

This recently happened to me. I made a new account and joined my group (no special role); I just had the regular starting group rank, but I was able to edit my game through my account without any special permissions, so this is definitely affecting other games. (This is a heads up for any other developers.)

1 Like

How is the investigation going? What is currently known? How close are you folks to determining whether this is user error or a real security vulnerability? 1 hour without updates can feel like an eternity for critical incidents like this.

5 Likes

Please only reply if you have further bug reports or some suggestions or other content to add to the discussion. Bug reports aren’t places for discussion, especially with more serious ones like these where it’s important that critical information doesn’t get lost in a sea of replies 🙂

4 Likes

If I am reading this right, for this bug to happen, you have to give a role edit perms, turn on team create, then remove their perms, but because TC is on, they still have it?

If this is the case, I assume turning TC off and on again will refresh the permissions?

1 Like

Sadly, we tried this over a week ago when we posted this thread.

4 Likes

Hi all,

Thanks for your patience with this. We have investigated and so far believe that only this game is impacted, and are working closely with the developer to resolve the issue. We will provide more details once we have confirmed what happened.

44 Likes

As mentioned, this seems to be a visual glitch, so somewhere along the road, a website script may have broken and allowed these people to gain access.

As @Refactor has stated, when refreshing the page, new looks appear.

So, I can only presume that it is not a hacker, but in fact a loop of some sort breaking. Though this does not mean people are ignoring it, no, some people are abusing this presumed bug.

My deepest regards for you and your team.

1 Like

Hi all,

The issue is now resolved. There was a bug where developer permissions were incorrectly cached, giving members of a specific roleset, which historically had game edit permissions, intermittent access to developer functionality. We patched the issue which was leading to cache inconsistency and cleared the cache so any illegitimate access was revoked.

Here are some of the things we are doing to make the situation better going forward:

  • Checking our other systems to ensure they are not affected by similar issues
  • Reviewing our internal processes to ensure reports like this are addressed sooner
  • Investigating how we can provide audit logs so developers can check who is making changes to their content

Thank you all for your patience as we dealt with this issue!

44 Likes
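The failure mode described in the resolution post (a cached permission outliving its revocation and granting access only some of the time) can be reproduced in a small model. This is an added example, not the platform's code: the three-replica layout, the version counter, and every name in it (`RoleStore`, `CacheNode`, `stale_grants`, the `Member` roleset) are assumptions made for illustration.

```python
# Toy model (assumed design, not the platform's code): three cache replicas
# sit in front of one authoritative role store.

class RoleStore:
    """Source of truth; version increases on every permission change."""
    def __init__(self):
        self.can_edit, self.version = {}, 0

    def set_edit(self, roleset, allowed):
        self.can_edit[roleset] = allowed
        self.version += 1


class CacheNode:
    def __init__(self, store, check_version):
        self.store, self.check_version = store, check_version
        self.entries = {}  # roleset -> (allowed, store version when cached)

    def may_edit(self, roleset):
        hit = self.entries.get(roleset)
        # Hardened path: an entry cached before the last change is ignored.
        if hit and (not self.check_version or hit[1] == self.store.version):
            return hit[0]
        allowed = self.store.can_edit.get(roleset, False)  # default deny
        self.entries[roleset] = (allowed, self.store.version)
        return allowed


def stale_grants(nodes, store):
    """Audit: replica indexes whose cached grant the store no longer backs."""
    return [i for i, n in enumerate(nodes)
            for r, (ok, _) in n.entries.items()
            if ok and not store.can_edit.get(r, False)]


def simulate(check_version, flush=False, requests=6):
    store = RoleStore()
    nodes = [CacheNode(store, check_version) for _ in range(3)]
    store.set_edit("Member", True)   # roleset historically had edit access
    nodes[0].may_edit("Member")      # only replica 0 caches the grant
    store.set_edit("Member", False)  # owner revokes it
    stale = stale_grants(nodes, store)
    if flush:                        # the remediation: clear every cache
        for n in nodes:
            n.entries.clear()
    # Requests are spread round-robin, so a stale replica answers every third one.
    return stale, [nodes[i % 3].may_edit("Member") for i in range(requests)]


if __name__ == "__main__":
    print(simulate(check_version=False))
    print(simulate(check_version=False, flush=True))
    print(simulate(check_version=True))
```

Without the version check, the one replica that cached the old grant keeps answering "allowed", which is why access looks intermittent from the outside; flushing removes the symptom, while the version check removes the cause.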
