Impact
At least one internal user experienced failed login attempts while using Google SSO on the platform. The issue started at UTC-5 26-02-09 17:55 and was proactively discovered 14.4 minutes (TTD) later by a staff member, who reported through our internal channels that users trying to sign in could not access their accounts. No external customers reported problems. The problem was resolved in 5.7 minutes (TTF), resulting in a total window of exposure of 20.1 minutes (WOE) [1].
Cause
During a deployment, the old Google OAuth token was removed before a critical post-deployment job finished. This caused the platform to temporarily reject Google SSO logins [2].
Solution
The fix was to wait for the post-deployment job to complete. Once the job finished, Google SSO login was restored [3].
Conclusion
To prevent this from happening again, the OAuth token should not be removed, invalidated, or deactivated until the related post-deployment processes have fully completed.

COMMUNICATION_FAILURE < INFRASTRUCTURE_ERROR < INCOMPLETE_PERSPECTIVE
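One way to enforce the ordering described in the conclusion is a gate that refuses to retire the old credential while any required post-deployment job is unfinished. This is an added example, not code from the platform or its deployment tooling; the class and function names, the job name `post-deploy`, the credential ids and the polled job states are all hypothetical.

```python
import time

class RetirementBlocked(Exception):
    """Raised when the old credential is still needed by an unfinished job."""

class Rotation:
    # Constructed model of one credential rotation during a deployment.
    def __init__(self, old_id, new_id, required_jobs):
        self.old_id, self.new_id = old_id, new_id
        self.required_jobs = set(required_jobs)   # must succeed before retirement
        self.job_status = {}                      # job -> "running"|"success"|"failed"
        self.active = {old_id, new_id}            # overlap: both valid during deploy

    def blockers(self):
        return sorted(j for j in self.required_jobs
                      if self.job_status.get(j) != "success")

    def retire_old(self):
        pending = self.blockers()
        if pending:
            raise RetirementBlocked(f"{self.old_id} still needed by {pending}")
        self.active.discard(self.old_id)

def retire_when_ready(rotation, poll, timeout_s=600, interval_s=5, sleep=time.sleep):
    """Retire the old credential only after every required job reports success.
    Returns True if retired; False on job failure or timeout (old one is kept)."""
    waited = 0
    while True:
        rotation.job_status.update(poll())
        if "failed" in (rotation.job_status.get(j) for j in rotation.required_jobs):
            return False
        if not rotation.blockers():
            rotation.retire_old()
            return True
        if waited >= timeout_s:
            return False
        sleep(interval_s)
        waited += interval_s

def demo():
    # Constructed job states: two polls while running, then success.
    states = iter([{"post-deploy": "running"}, {"post-deploy": "running"},
                   {"post-deploy": "success"}])
    rot = Rotation("oauth-old", "oauth-new", ["post-deploy"])
    try:
        rot.retire_old()              # the ordering that caused the incident
        blocked = False
    except RetirementBlocked:
        blocked = True
    retired = retire_when_ready(rot, lambda: next(states), sleep=lambda s: None)
    return blocked, retired, sorted(rot.active)
```

On failure or timeout the gate leaves the old credential active, so a stalled post-deployment job delays cleanup instead of breaking logins.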