Company
Date Published
Author
Dirkjan Bussink
Word count
2294
Language
English
Hacker News points
None

Summary

GitHub logged all users out of GitHub.com on March 8, 2021, because of a rare security vulnerability that arose from a complex interaction between threads in its Ruby on Rails application. The issue was first reported by users who found themselves authenticated as another user, prompting GitHub to launch a thorough investigation. The vulnerability was traced to a thread safety issue in the exception logging mechanism, exacerbated by the reuse of a single environment object in the Unicorn server, which led to a race condition and incorrect session handling. GitHub responded by removing the background thread that triggered the issue, patching Unicorn to prevent environment sharing, and revoking all active sessions to keep user data safe. The company worked with the Unicorn maintainers to upstream the patch and is taking further steps to improve thread safety across its codebase, aiming to prevent similar vulnerabilities in the future. The incident highlighted the importance of a well-coordinated security response team and the challenges of managing complex systems, ultimately yielding valuable insights for improving GitHub's security architecture.