While testing a feature, you stumble onto a way to view other users' personal data that you weren't supposed to have access to. What do you do?

situational · Junior level · general

What the interviewer is really asking

Assess data-handling ethics and security instincts — whether the candidate stops, refrains from poking further, and reports a privacy/access flaw responsibly instead of exploring or staying silent.

What to say

What to avoid

Example answers

Strong: I'd stop the moment I realized I could see data I shouldn't — I wouldn't click into more accounts to gauge the scope, because that's just more access I'm not authorized for. I'd note the minimal repro steps and report it right away to my lead and our security contact, framed as a potential access-control flaw exposing personal data. I'd avoid copying or sharing any of the data and let security decide the next steps; over-exploring a privacy hole can make a bad situation worse.

Weak: I'd check a few more accounts to understand how widespread it is, then write up a thorough report showing the full scope to my lead.

Want questions matched to your role? Paste a job title, job description, or CV and get a personalized set, or go Pro to unlock the full bank.