Data Leakage

Minor bug but I figured I'd report it...

Forum accounts don't get created until the associated Ingress user logs in. This means you can tell who has logged in, which is not a huge deal.

However, the software seems to be smart enough to ban forum accounts for banned users -- again, only if they've logged in. Thus, if a banned user tries to log in, you can check their profile based solely on their agent name and discover whether or not they've been banned.

Comments

  • MrCathulhu ✭✭✭

    I don't understand how this is a problem?

  • CriminalBizzy ✭✭✭✭

    The account exists in the forums with some sort of banned tag on it. This leads to a leak of confidential information since NIA afaik does not publicly release information on banned accounts.

  • Strandit ✭✭✭

    You can ping people in scanner, of course, but this is substantially easier and nobody can see you doing it.

    Also, there's the possibility that temp bans will interact with this in some fun way. Someone go get temp banned so we can find out, please.

  • JorgeLoco ✭✭✭

    I nominate you @Strandit

  • Zenn ✭✭✭✭
    edited June 2019

    seems like they may pull other info from a player's account... maybe one day badge totals and stuff, for unique flair (I'm on board) but then that could open a vector where people could mine for data or glean or even hack data. so in the same vein, i hope they are careful in this regard.
