Incident Report: March 30th, 2026 — Authenticated user data cached

Railway encountered a significant incident on March 30, 2026, when a configuration update inadvertently enabled CDN caching for some domains where it was supposed to be disabled, affecting around 0.05% of domains. This error led to potentially authenticated data being served to unauthenticated users due to incorrect HTTP GET response caching, which could result in users seeing pages intended for others. The issue was identified within 32 minutes and fully reverted with all cached assets purged globally. Railway has implemented additional preventative measures, including enhanced testing and gradual CDN rollout processes, to prevent similar incidents in the future. The incident underscores the company's commitment to prioritizing safety and security to rebuild trust with its users while managing growth.