Unable to access Fluid Attacks platform
Incident Report for Fluid Attacks


An unknown number of users encountered difficulties trying to initiate new sessions on the Fluid Attacks Platform through Google (existing new sessions were unaffected, as well as new sessions from other authentication providers). The issue started on UTC-5 24-02-01 09:29 and was proactively discovered 3.6 hours (TTD) later by the product team during their regular workflow. No incident reports were received through our help desk. The problem was resolved in 43.2 minutes (TTF) resulting in a total impact of 4.3 hours (TTR) [1][2].


We have separate secret files for development and production. The secret was rotated in the development file, but this rotation was overlooked in the production file. This caused problems when trying to log in to the Platform, showing an `Unauthorized Access` message [3].


The secret was rotated in the production file [4].


Rotating secret can impact components. Work is in progress to implement a test that will help prevent rotation failures [5]. ROTATION_FAILURE < MISSING_TEST

Posted Feb 01, 2024 - 17:33 GMT-05:00

The platform has regained accessibility and is now operating normally.
Posted Feb 01, 2024 - 14:18 GMT-05:00
The app.fluidattacks.com platform is experiencing issues with access.
Posted Feb 01, 2024 - 12:55 GMT-05:00
This incident affected: Platform.