My CEO had a mini-panic attack that a private project in a workspace setup to join by request was visible to employees.
The reason why is that in the iOS mobile app it appears that there are many members in the Executive Team workspace:
(screenshot from my account where I am not a member of the workspace)
However, the additional employees shown to the right of “Executive Team” in the mobile app are actually members of the project “MP Labs - New Office” which resides within this Executive Team workspace.
When viewed from the desktop, it only shows the two executive members.
Similarly, when you click into the team from the iOS app, it shows a bunch of members:
(the mobile app shows 12 members of a workspace where there are only 2)
Even more confusing is that it appears I can add members despite not being a member of the workspace/team.
Wondering if this is a bug, because if so, it’s a pretty big one from a security standpoint.