This is a collection of incidents resulting from web caching issues. It focuses on the problem where users see the content of other users as a direct result of a change to a CDN or related web caching configuration, in a way that is noticeable by many users. When this happens, numerous users will immediately report seeing the content of other users. Incidents that result from activity by an attacker or bug bounty researcher are not recorded here, as it is believed those may result from a different problem.
A common cause for some of these is CloudFront request collapsing. Read about that feature here.
This problem occurs regularly, and the hope is to identify generic mitigation strategies to detect it and prevent it from happening in the future. If you know of good ways of identifying this problem before it gets pushed to production, please reach out (file a ticket, message me on Twitter at https://twitter.com/0xdabbad00, or email me).
Date | Organization impacted | References | Notes |
---|---|---|---|
May 1, 2024 | Qantas | reddit, company statement | |
February 16, 2024 | Wyze cameras | | |
November 30, 2023 | Ticketmaster | | |
September 8, 2023 | Wyze cameras | | |
March 21, 2023 | ChatGPT | | |
March 7, 2023 | Loom | post-mortem presentation | |
February, 2023 | Scandinavian Airlines (SAS) | news article | |
October 12, 2022 | Unknown | post-mortem | Result of CloudFront request collapsing |
May 27, 2021 | Klarna | post-mortem | |
March 20, 2021 | Zulip | post-mortem | Result of CloudFront request collapsing |
March 8, 2021 | GitHub | post-mortem | This was a thread safety problem, but the result was similar |
April 2020 | Italian Social Security (INPS) | news article | |
December 25, 2015 | Steam | post-mortem | Cache change was made in response to a DDoS, which caused a different problem |
Jan 29, 2015 | Apple iTunes | news article | Unclear if this was a caching issue, but the symptoms look similar |