So, today my boss told me that a man he had never seen before had created an account on his own in the metabase and he thinks we may have been attacked or invaded by some hacker. Anyway, I searched the metabase logs and found nothing like this user’s IP or at least which administrator account created this user.
Can you help me?
Thanks and greetings to all Metabase developers, you’re revolutionary!
@CsnCaio
Which version of Metabase?
But is there a user account that you don’t know?
You should check the metadata, which has tables, where you can see query activity and other things.
@CsnCaio You should be able to see information in the table activity, but I’m not sure if it stores that info.
EDIT: Looking at the code, it doesn’t seem like that information is stored.
Users can only be invited by another user who’s in the Admin group, so that should limit your scope.
If you store outgoing emails, then you should be able to see who invited the user, since it has it in the header of the mail: {{invitorName}} wants you to join them on Metabase.