I’m not having an issue with the forums itself, it’s just I’ve found a page that I can access (have tested it across multiple browsers both logged in and logged out) that people probably should not be able to see. I’m not sure how to report this via ticket or if there is an email address that I should send it to.
That is different, but not the first time.
The only address for private reporting of vulnerabilities is hacks@blizzard.com but that is for game things. They can pass info on though.
I have passed on the message but it is a weekend so not sure who is around.
Can you give any hints without disclosing the issue? If it is the .json files for our profiles that is normal and the personal info is only displayed to the logged in user.
Something else though would be a reason to have questions.
It is not the .json files for the profiles. It is a page that has a list of thousands and thousands of characters, when those characters were added to the forums, the last time they posted on the forums and the last time they were seen on the forums. It doesn’t seem to expose any other data though. I will send an email to the email address you provided.
I think you mean something similar to this.
https://us.forums.blizzard.com/en/wow/t/b-license-145-beta-forum-access-but-no-beta-invite/640110
Ahh yes that is it.
If it helps any there are other groups, but you don’t always get the link in the profile.
Yep. I talked to Vrak about that last night. There were issues with getting proper forum permissions for Beta folks to post. I am sure you remember the posts. So they made a group on the forums for the Beta folks so they could have a group set of permissions.
So yes! Great question but it is all ok.