Duration: 32 minutes

Affected Components: Authentication, Admin area

Mar 17, 02:38:38 GMT+0
Investigating - We are currently investigating this incident..

Mar 17, 02:46:37 GMT+0
Monitoring - We are currently monitoring..

Mar 17, 03:10:28 GMT+0
Resolved - This incident has been resolved. Please reach out to the team if you need any assistance..

Duration: 1 hour and 48 minutes

Affected Components: Webhooks

Feb 3, 14:21:35 GMT+0
Resolved - We have resolved the webhook delay..

Feb 3, 12:33:06 GMT+0
Investigating - We are currently investigating a delay with webhooks in the London region.

Duration: 16 minutes

Affected Components: Authentication, Authentication, Authentication, Authentication, Authentication

Jan 7, 13:58:35 GMT+0
Identified - The issue has been identified and a fix is currently being deployed..

Jan 7, 14:14:11 GMT+0
Resolved - This incident has been resolved..

Duration: 20 hours and 55 minutes

Affected Components: SMS delivery

Dec 8, 07:27:00 GMT+0
Identified - We are working with out SMS provider to unblock these. At the moment, any messages from Kinde businesses based in the Sydney AU data region being sent to numbers with Vodafone Australia will not be delivered..

Dec 9, 03:51:31 GMT+0
Monitoring - An update has been applied to unblock delivery to Vodafone Australia. The team will continue monitoring until there's a sufficient volume of successful messages. .

Dec 9, 04:21:33 GMT+0
Resolved - This incident has been resolved..

Duration: 22 days and 13 minutes

Affected Components: Custom domains, Authentication

Dec 5, 18:41:24 GMT+0
Investigating - We are currently investigating this incident. Connections from the UK to Kinde's AU region are timing out. Currently only the ISP "Sky" has been identified. This will impact users who are connecting from the UK and trying to accessing Kinde businesses that run in the AU data region. .

Dec 5, 20:44:18 GMT+0
Identified - Based on regional testing, it looks like users using Sky as their ISP in the UK are not able to connect to Kinde businesses in the AU data region. We're in contact with our cloud provider and continuing to troubleshoot this issue. .

Dec 5, 23:07:59 GMT+0
Identified - Our cloud provider has acknowledged the issue is affecting all of their customers and not just Kinde. And are continuing their investigation to provide a resolution..

Dec 9, 03:53:37 GMT+0
Resolved - This is a network routing issue between Sky’s infrastructure and AWS Sydney, and is also affecting other services hosted in this region. Sky customers have reported similar issues in Sky’s support forums. There is currently no ETA for resolution from Sky. We do have a workaround available, if you’re affected by this issue, please reach out to our support team. For now, we're going to mark this as closed and will update this status post as more information becomes available..

Dec 9, 05:18:18 GMT+0
Resolved - This is a network routing issue between Sky’s infrastructure and AWS Sydney, and is also affecting other services hosted in this region. Sky customers have reported similar issues in Sky’s support forums. There is currently no ETA for resolution from Sky. We do have a workaround available, if you’re affected by this issue, please reach out to our support team. We’ll update this status as more information becomes available..

Duration: 4 hours and 4 minutes

Affected Components: SMS delivery

Dec 4, 10:24:00 GMT+0
Resolved - This incident has been resolved..

Dec 4, 06:20:00 GMT+0
Identified - We are continuing to work on a fix for this incident..

Duration: 2 hours and 44 minutes

Affected Components: SMS delivery, SMS delivery, SMS delivery, SMS delivery, SMS delivery

Nov 20, 05:48:00 GMT+0
Identified - Impacting custom SMS providers, not the default Kinde SMS sending. We are continuing to work on a fix for this incident..

Nov 20, 08:12:28 GMT+0
Monitoring - We implemented a fix and are currently monitoring the result..

Nov 20, 08:31:33 GMT+0
Resolved - This incident has been resolved..

Duration: 54 minutes

Affected Components: Authentication, Custom domains

Nov 3, 01:22:45 GMT+0
Investigating - We are currently investigating this incident. This is impacting Kinde businesses in the US region running on a custom domain..

Nov 3, 01:24:40 GMT+0
Monitoring - Custom domains are back online and we're currently monitoring.

Nov 3, 02:16:19 GMT+0
Resolved - This incident has been resolved..

Duration: 38 minutes

Affected Components: Management API

Oct 20, 05:41:00 GMT+0
Investigating - We are currently investigating this incident..

Oct 20, 06:01:42 GMT+0
Monitoring - Error have decreased and our team are currently monitoring..

Oct 20, 06:18:48 GMT+0
Resolved - This incident has been resolved and team is investigation the cause..

Duration: 49 minutes

Affected Components: Authentication, Email delivery, Custom domains, User export and import, Management API, , New user registration, SMS delivery, EU region →

Oct 16, 09:39:00 GMT+0
Investigating - We are currently investigating this incident..

Oct 16, 10:13:15 GMT+0
Monitoring - We implemented a fix and are currently monitoring the result..

Oct 16, 10:28:08 GMT+0
Resolved - This incident has been resolved..

Duration: 39 minutes

Affected Components: SMS delivery, Authentication, User export and import, Email delivery, New user registration, Admin area, , Custom domains, Management API, AU region →

Sep 4, 06:59:05 GMT+0
Resolved - This incident has been resolved and our team will continue to monitor..

Sep 4, 06:51:04 GMT+0
Monitoring - Latency has returned to normal and we're monitoring performance now.

Sep 4, 06:20:00 GMT+0
Investigating - We are currently investigating this..

Duration: 6 hours and 58 minutes

Affected Components: Authentication, Authentication, Authentication, Authentication, Admin area, Authentication

Sep 3, 04:00:21 GMT+0
Monitoring - \\-- -- Apologies for the broken formatting on this longer update. We will provide a nicer view of this report in the coming days as part of a post mortem -- -- To all the Kinde customers impacted by the authentication incident that occurred today (3 September 2025) at 10:40am Sydney time, we are so sorry for the impact this has had on your businesses. It was entirely our fault. We fu\\\*#ed up. We accidentally introduced an authentication bug during a routine feature deployment. The bug has been fixed and we are swarming to respond and remediate. More updates will be posted to our status page, where you can subscribe to the incident and receive updates. If you have one, please use your dedicated channel in Kinde Slack. \\-- -- Summary -- -- This was not a malicious attack and there was no Kinde data breach. We caused it. Social auth connections were impacted (not enterprise connections). End-users who authenticated during the incident were signed in to a profile that was not theirs. We are working to invalidate all sessions that were signed into during the incident period. This will invalidate auth tokens and force the affected users to sign in again. The deployment was rolled back 68 minutes after the bug appeared, fixing the issue. Users who sign in to your app now, will be unaffected. This is being treated as a security incident due to the impact to users when using our customer’s products, however Kinde has not been breached. \\-- -- What we know -- -- A recent code change was deployed introducing a bug that redirected authenticated users to the wrong profile. They signed in as usual via social authentication, but the bug assigned the incorrect user ID to them when returning to the app. This effectively showed them the profile of another user after the login. Users logging into the Kinde admin were also impacted when using the Google or Github authentication options, and were directed to the incorrect organisation selector. To the best of our knowledge, enterprise connections (such as SAML and MS Entra OAuth2) were not impacted by this bug. \\-- -- Current actions -- -- The bug is fixed. Here’s what we are doing right now: Determining how many users were affected. i.e. the scope of the incident Working out the best remedy (i.e. invalidate invalid sessions) to impact the least users Running diffs with a restored copy of the data prior to the incident for validation Performing a code analysis of the change We will reach out to customers directly with more information, as we have it. \\-- -- Incident timeline - 3 September 2025 -- -- Change deployed at 10:40 am Sydney time First notification of incorrect logins is 11:07 am Sydney time Change reverted at 11:41 am Sydney time Total duration where a user could log into the wrong profile: 61 minutes.

Sep 3, 01:07:00 GMT+0
Investigating - We are currently investigating this incident..

Sep 3, 01:37:23 GMT+0
Identified - We have identified a critical authentication error affecting Social SSO, email and SMS. Enterprise Connections/SSO are not affected..

Sep 3, 01:41:00 GMT+0
Monitoring - We implemented a fix that resolves the issue and are currently monitoring the result. This is being treated as a serious incident and our team is working urgently..

Sep 3, 02:08:36 GMT+0
Monitoring - We are currently working on invalidating all sessions that took place during the incident..

Sep 3, 02:19:00 GMT+0
Identified - There is high latency for the Sydney region currently..

Sep 3, 02:22:00 GMT+0
Monitoring - Sydney region is operational and user sessions are in the process of being invalidated..

Sep 3, 06:02:08 GMT+0
Monitoring - The team are continuing to investigate the total breadth of the incident, specifically with the invalidation of logins during the incident. We will continue to update this status page with high level information and directly to customers for information specific to their business..

Sep 3, 08:04:58 GMT+0
Resolved - We will be closing this incident on the status page, however updates will still be provided here publicly and directly to customers where required. Only users who logged in during the hour long incident window were impacted. The initial bug from this morning was resolved. All impacted sessions and tokens for the Kinde admin have been invalidated. Additionally all customer sessions during the incident window have been invalidated on the Kinde side. We are compiling a list of users impacted and will be reaching out directly to customers to verify if there are any cached access or refresh tokens that need to be invalidated..

Sep 4, 00:20:07 GMT+0
Resolved - A brief update to the summary from yesterday. Incident window on September 3 between 10:40am to 11:41am Sydney time (12:40am to 01:41am UTC). This was not a malicious attack and there was no Kinde data breach from an external attacker. We caused it. The deployment was rolled back 61 minutes after the bug appeared, fixing the issue. Users who logged in outside of the incident window are not affected. Only OAuth and OIDC type connections were impacted, such as all social authentication connections and the Entra OAuth enterprise connection. Email, username, SMS, and SAML connections were not impacted. There was no cross-business profile exposure. For each of your OAuth2 or OIDC connections, the first user to authenticate during the incident window became the profile for subsequent users on that OAuth2 or OIDC connection. For example, say user 1 authenticated at the beginning of the incident. When any subsequent user authenticated (e.g. user 2, 3, and 4) they were shown the profile for user 1. Less than 100 user profiles globally were exposed by this incident. Sessions and tokens during the incident window were identified and invalidated by the evening of Sep 3 Sydney time. The Kinde team are actively reaching out directly to impacted Kinde businesses who have had authentication sessions during the incident window to provide further information and assistance..

Sep 8, 11:47:11 GMT+0
Postmortem - **Post-incident report now available.** Following the incident of 3 September 2025, we've now prepared a post-incident report, containing detailed information about the root cause, remedies, future actions, etc. [View post-incident report](https://kinde.com/blog/post-mortem/2025-09-03-authenticated-to-wrong-user-profile). If you have any questions, or need any additional information, please reach out to us by [email](mailto:support@kinde.com), or in our [Slack](https://join.slack.com/t/thekindecommunity/shared%5Finvite/zt-25gshkj52-AAn0R3V86WWsWkd8IH~~0g) and [Discord](https://discord.gg/wHX6j7wG5d) communities. We're here to support you however we can. Again, we are deeply apologetic for the inconvenience caused to you and your customers. We are making it impossible to happen again..

Duration: 44 minutes

Affected Components: SMS delivery

Sep 2, 07:50:14 GMT+0
Investigating - We are currently investigating this incident..

Sep 2, 08:10:31 GMT+0
Monitoring - We implemented a fix and are currently monitoring the result..

Sep 2, 08:34:38 GMT+0
Resolved - This incident has been resolved..

Duration: 17 minutes

Affected Components: Admin area

Aug 22, 07:20:00 GMT+0
Resolved - Fix has been applied and Kinde admin errors are now resolved.

Aug 22, 07:03:00 GMT+0
Investigating - We are currently investigating this incident..

Duration: 47 minutes

Affected Components: Email delivery, SMS delivery, Custom domains, SMS delivery, User export and import, Authentication, User export and import, New user registration, Authentication, Admin area, , , New user registration, Custom domains, Management API, Email delivery, Management API, AU region → US region →

Aug 22, 05:18:24 GMT+0
Resolved - This incident has been resolved..

Aug 22, 04:39:03 GMT+0
Monitoring - We implemented a fix and are currently monitoring..

Aug 22, 04:31:12 GMT+0
Investigating - We are currently investigating this incident..

Duration: 6 hours and 27 minutes

Affected Components: SMS delivery, SMS delivery, SMS delivery, SMS delivery, SMS delivery

Jun 4, 15:59:00 GMT+0
Resolved - This incident has been resolved..

Jun 4, 10:29:00 GMT+0
Identified - SMS for 2FA are currently not delivering, we have identified an issue with our provider and are working to resolve this..

Jun 4, 13:31:45 GMT+0
Identified - We're currently working with our upstream SMS provider to resolve the delivery problems.

Jun 4, 15:44:15 GMT+0
Monitoring - We have resolved the issue with our provider and are currently monitoring the result..

Duration: 58 minutes

Affected Components: Admin area, Custom domains, User export and import, Management API, , SMS delivery, Email delivery, Authentication, New user registration, AU region →

May 26, 00:33:53 GMT+0
Monitoring - We implemented a fix and are currently continuing to monitor..

May 26, 00:35:49 GMT+0
Identified - Some customers are still getting 5xx errors, we are continuing to work on a fix for this incident..

May 26, 00:25:33 GMT+0
Investigating - We are currently investigating this incident..

May 26, 01:04:05 GMT+0
Monitoring - Customer domains are functioning. The team is actively monitoring still..

May 26, 01:23:10 GMT+0
Resolved - Customer domains are back online. The team are actively monitoring all systems still. We experienced a DDoS for approximately 30 minutes and have been working with our cloud providers to mitigate the attack. More information will be provided via customer channels..

May 30, 06:14:02 GMT+0
Postmortem - At 10:15 AEST on 27 May 2025, a DDoS attack targeting Kinde's application endpoints caused timeout errors for customers in the AU region for approximately 45 minutes and intermittently for customers in the US region. The team mitigated the attack by blocking malicious traffic and implementing further anti-DDoS measures. From the period between 10:00 and 11:15, hundreds of millions of requests were blocked. Kinde will continue working with our cloud service and security providers to ensure that customer impact to our services is minimised..

Duration: 37 minutes

Affected Components: Authentication

Mar 25, 09:44:30 GMT+0
Monitoring - We implemented a fix and are currently monitoring the result..

Mar 25, 09:25:13 GMT+0
Investigating - We are currently investigating this incident..

Mar 25, 10:02:38 GMT+0
Resolved - The incident has been resolved. The team will continue to monitor availability and performance for the region. .

Duration: 1 hour and 15 minutes

Affected Components: Authentication, Authentication, Authentication, Authentication

Feb 26, 22:48:00 GMT+0
Investigating - We are currently investigating this incident..

Feb 27, 00:02:55 GMT+0
Resolved - This incident has been resolved, and the team is doing further investigation into the cause of the issue..

Duration: 10 minutes

Affected Components: Email delivery, Authentication, Admin area, SMS delivery, Custom domains, User export and import, Management API, New user registration

Feb 12, 01:01:24 GMT+0
Resolved - This incident has been resolved..

Feb 12, 00:51:18 GMT+0
Investigating - We are currently investigating this incident. This is currently impact the AU region and the Kinde Admin..

Feb 12, 00:58:30 GMT+0
Monitoring - We implemented a fix and are currently monitoring the result..

Duration: 24 minutes

Affected Components: Authentication

Feb 4, 16:15:00 GMT+0
Investigating - We are currently investigating this incident..

Feb 4, 16:39:00 GMT+0
Resolved - This incident has been resolved. Our caching service, which facilitates most read related operations, stopped accepting new items. This slowly increased load on our backend as more load was slowly introduced that is supposed to be dealt with by the cache. We've identified and applied a mitigation for this to improve the cache's availability. We will also be reviewing additional configuration with how our app responds to a loss of the cache in general and applying fixes to further improve it's availability and reliability..

Duration: 13 minutes

Affected Components: Authentication

Feb 3, 06:00:19 GMT+0
Investigating - We are currently investigating this incident..

Feb 3, 06:09:42 GMT+0
Monitoring - We implemented a fix and are currently monitoring the result..

Feb 3, 06:13:22 GMT+0
Resolved - Service performance has returned to normal.

Duration: 2 hours and 3 minutes

Affected Components: Email delivery, SMS delivery

Jan 13, 20:01:38 GMT+0
Monitoring - We implemented a fix and are currently monitoring the result..

Jan 13, 19:57:46 GMT+0
Investigating - We are still looking into the email sending issue. We will update no later than 20:30UTC.

Jan 13, 17:05:00 GMT+0
Investigating - We are currently investigating this incident..

Jan 13, 20:13:30 GMT+0
Resolved - This incident has been resolved..

Jan 15, 04:30:44 GMT+0
Resolved - An alert was raised with the Kinde support team regarding delayed emails for US region customers. It was identified that a task consumed all available workers concurrently and prevented emails from being delivered in a timely manner due to the backlog. To fix the immediate issue, the faulty task was killed and all undelivered time sensitive emails were expired. The team will implement stricter quality of service queues for email delivery and segregate the high resource usage tasks to prevent delays due to unrelated tasks..

Duration: 5 days, 15 hours and 35 minutes

Affected Components: Authentication

Jan 11, 23:39:34 GMT+0
Resolved - This incident has been resolved..

Jan 11, 21:24:00 GMT+0
Investigating - We are currently investigating this incident where some customers are experiencing 500 errors when accessing their Kinde domain.

Duration: 5 hours and 32 minutes

Affected Components: Authentication

Jan 10, 04:50:00 GMT+0
Investigating - We are currently investigating this incident that seems to be impacting a limited number of customers..

Jan 10, 05:22:00 GMT+0
Resolved - We are no longer seeing 500 errors for the EU data region..

Duration: 3 hours

Affected Components: User export and import, User export and import, User export and import, User export and import

Sep 12, 08:00:00 GMT+0
Identified - We will be performing updates to enhance import performance. The bulk import feature within the Kinde admin UI will be unavailable for approximately two hours while this takes place..

Sep 12, 08:00:00 GMT+0
Identified - Please be advised that the scheduled maintenance on our bulk import feature has been postponed to September 12th between 08:00 - 10:00 GMT (18:00 - 20:00 AEST), the importing feature will be unavailable during this window..

Sep 12, 11:00:00 GMT+0
Completed - Maintenance was completed Sep 12.

Sep 12, 08:00:01 GMT+0
Identified - Maintenance is now in progress.