Bonusly incident

Captcha verifications are failing.

Notice Resolved View vendor source →

Bonusly experienced a notice incident on December 24, 2025, lasting 1h 13m. The incident has been resolved; the full update timeline is below.

Started
Dec 24, 2025, 01:43 AM UTC
Resolved
Dec 24, 2025, 02:56 AM UTC
Duration
1h 13m
Detected by Pingoru
Dec 24, 2025, 01:43 AM UTC

Update timeline

  1. investigating Dec 24, 2025, 01:43 AM UTC

    We've identified an issue where people who login with a username and password are receiving a Captcha verification failure. Note, login for people with SSO is unaffected.

  2. identified Dec 24, 2025, 01:48 AM UTC

    We think we identified the issue and are deploying a hotfix. Stay tuned.

  3. identified Dec 24, 2025, 02:19 AM UTC

    Ok, we've confirmed our fix is working and are rolling it out to our servers now. ETA is 30 minutes.

  4. identified Dec 24, 2025, 02:40 AM UTC

    The fix is still rolling out. In the interim, root cause was an upgrade to our net-http library. That upgrade removed a default header, "application/x-www-form-urlencoded," from http requests our code issues to Cloudflare. The Cloudflare Turnstile API, which we use in conjunction with Captcha, expects this header to be present, and started rejecting our requests as a result.

  5. resolved Dec 24, 2025, 02:56 AM UTC

    Our fix is now deployed and we're seeing normal volume of successful username/password logins.