Hi, @webdev4,
The response for this post might be useful:
You should also check the user’s name to make sure there is no suspicious activity, but generally speaking, look in your codebase to make sure you’re not authenticating or authorizing the user more than you should.
If you have any other questions feel free to ask.
Have a good one, Vlad