diff --git a/test/topics.js b/test/topics.js
index 5629fdf27a..c7655e6d66 100644
--- a/test/topics.js
+++ b/test/topics.js
@@ -1063,7 +1063,6 @@ describe('Topic\'s', function () {
 			});
 		});
 
-
 		it('should fail with invalid data', function (done) {
 			socketTopics.markAsRead({ uid: 0 }, null, function (err) {
 				assert.equal(err.message, '[[error:invalid-data]]');
@@ -1071,7 +1070,6 @@ describe('Topic\'s', function () {
 			});
 		});
 
-
 		it('should mark topic read', function (done) {
 			socketTopics.markAsRead({ uid: adminUid }, [tid], function (err) {
 				assert.ifError(err);
@@ -1156,7 +1154,6 @@ describe('Topic\'s', function () {
 			});
 		});
 
-
 		it('should fail with invalid data', function (done) {
 			socketTopics.markAsUnreadForAll({ uid: adminUid }, null, function (err) {
 				assert.equal(err.message, '[[error:invalid-tid]]');
@@ -1211,6 +1208,35 @@ describe('Topic\'s', function () {
 				done();
 			});
 		});
+
+		it('should not return topics in category you cant read', function (done) {
+			var privateCid;
+			var privateTid;
+			async.waterfall([
+				function (next) {
+					categories.create({
+						name: 'private category',
+						description: 'private category',
+					}, next);
+				},
+				function (category, next) {
+					privateCid = category.cid;
+					privileges.categories.rescind(['read'], category.cid, 'registered-users', next);
+				},
+				function (next) {
+					topics.post({ uid: adminUid, title: 'topic in private category', content: 'registered-users cant see this', cid: privateCid }, next);
+				},
+				function (data, next) {
+					privateTid = data.topicData.tid;
+					topics.getUnreadTids({ uid: uid }, next);
+				},
+				function (unreadTids, next) {
+					unreadTids = unreadTids.map(String);
+					assert(!unreadTids.includes(String(privateTid)));
+					next();
+				},
+			], done);
+		});
 	});
 
 	describe('tags', function () {