Supabase incident on February 12, 2026

On February 12, 2026, Supabase experienced a significant outage in the us-east-2 AWS region, lasting over three hours, due to a deployment that inadvertently enabled AWS's VPC Block Public Access feature, causing a complete block of internet gateway traffic. The issue was not due to external attacks or AWS disruptions but stemmed from a configuration error and insufficient deployment pipeline guardrails. The resolution was delayed by misdirected initial investigations and the absence of key infrastructure teams. To prevent future occurrences, Supabase is implementing immediate, near-term, and structural changes, including improved guardrails, access controls, and better incident communication strategies. Additionally, they are enhancing network connectivity monitoring, ensuring full parity between pre-production and production environments, and improving coordination and communication during incidents. The company acknowledges its communication shortcomings during the incident and is committed to overhauling its approach to customer communication in such events.