:S
This seems like a security issue and I have no idea how it may have happened.
I'm on Joomla 3.4.0, CB 2.0.7, CBSubs 4.0.0-rc.1, Kunena 3.0.7.
I have a private community with a forum, with only paid and approved members. We have about 300 active members which get to see the forum and post.
Today, after one of a users "Robyn" posted in one of the threads, she noticed it was posted as another user "Julie" (who was logged in at the time). Thankfully these are very kind human beings and they let me know right away. "Julie" told me she could edit the post that "Robyn" had just posted which came up in her, "Julie's" name.
"Robyn" told me after seeing that the pot came up in "Julie's" name, she noticed she was logged in as "Julie". She promptly logged out and in again as herself once again. These two people are not acquaintances and live on different continents, so they have never shared credentials much less a computer.
In the database I could see that the post was labeled with "Julie's" username and user id, but the IP address corresponded to "Robyn".
"Robyn" and "Julie" both use iPads (the devices from hell if you ask me).
The only other strange issues I've had in the past was with this same user "Julie" who was seeing the wrong images (switched icons) throughout the site. After clearing cache it went to normal. At the time I blamed this on the way Apple assigns random strings to the cached images (I may be wrong, but that's what I remember seeing some time ago).
This however is another can of worms, and a potential security risk.
I'm not sure what can be done about it, but I just wanted to report it.
Thank you,
Tomás
krileon
