Last Friday, August 7, around 5 PM GMT we experienced a security issue on our production instance at youtrack.jetbrains.com.
For about an hour, all external users and guest accounts obtained permissions to all of our projects, including internal ones. Issues, comments, and attached files in public projects that were restricted by permitted user group were not affected. The issue was caused by an administration failure during the permission synchronization process.
The issue was detected and fixed within an hour thanks to our Operation team. We’ve also received bug reports from our external users at the same time. We’ve carefully checked the access logs to make sure that no private customers data were accessed and no important internal information was affected.
We offer our deepest apologies to all our internal and external users. We’ve made our best to prevent such problems in the future by adding security tests covering more access scenarios.
Thank you for your understanding and patience, we really appreciate it.