Company
Date Published
Author
Ross Chaldecott
Word count
1837
Language
English
Hacker News points
None

Summary

Kinde experienced a privacy breach caused by a bug introduced during a routine feature deployment on September 3. It affected users who logged in via OAuth2/OIDC connections within a 68-minute window: after the first user signed in through a given connection, subsequent users signing in through the same connection were redirected to that first user's profile, exposing fewer than 150 user profiles globally. The issue was addressed by rolling back the faulty deployment, invalidating affected sessions and tokens, and notifying impacted businesses so they could take the necessary actions. The company has since taken steps to remediate the situation, including correcting the affected user identities and assisting customers in restoring their authentication settings. Kinde says it is committed to preventing future incidents by reviewing and updating its testing procedures, adopting defensive coding practices, and setting up mechanisms for a quick response to authentication issues. Additionally, it plans to enhance security exercises, improve audit logs, and exercise caution in communicating incident details to prevent misinformation.