I noticed a huge security flaw last year where users have access to projects that they should not have access to.
I wrote in several times and have not heard back from support.
Basically, I have created projects and when I go to assign the task to a specific user, other users show up in the list, that do not have access to the project!
In my particular case, the users are from a completely unassociated work project under a different work account I own, so there is some mapping issue somewhere that is allowing the 3rd party company employees access to my newly created projects (under a completely different login and email address).
My guess is that some merging happened on the backend and the users were added at some level that cannot be accessed by the user interface.
I would love to get some help on this so I can use the product without fear that tall of my projects can be seen by others that should not have access.
Thanks in advance!