Between 2025-05-07 13:45 and 2025-05-08 08:00 UTC, some users in the EU region were not able to login. Some login requests failed, due to rate limiting on SAP LeanIX.
The incident was resolved by changing the logic that determines when the rate limiting should block requests from being processed. Once this change was deployed to the production environment, login requests were no longer rate limited.
We identified a faulty configuration of the rate limiting for logins. This configuration applied the same rate limit to all users. Our analysis shows that a single user exceeded the permitted number of calls, which affected other users who were well within the allowed number of calls per minute.
We improved the coverage of our automated tests to include the rate limiting configuration. Additionally, we are improving our monitoring to alert earlier on blocked login requests due to rate limiting.