hCaptcha experienced a minor incident on January 19, 2021, lasting —. The incident has been resolved; the full update timeline is below.
Update timeline
- resolved Jan 19, 2021, 10:31 PM UTC
Approximately 0.009% of requests to siteverify with some challenge modes received an `invalid-passcode` response, starting around 1:20PM PT and continuing for ~30 minutes. This affected less than 1% of sites.
- postmortem Jan 19, 2021, 10:31 PM UTC
This issue was caused by a rollout of new code that contained a bug for some combinations of feature flags and request data. This should have been caught by other safeguards, but due to an unrelated change in the system those safeguards no longer triggered in this case. Improvements to the affected systems have been scheduled.