Kustomer incident

[Facebook/Instagram] Users Unable to View Data After Login

Minor Resolved View vendor source →

Kustomer experienced a minor incident on September 13, 2025 affecting Channel - Facebook and Channel - Instagram, lasting 21h 53m. The incident has been resolved; the full update timeline is below.

Started
Sep 13, 2025, 01:11 AM UTC
Resolved
Sep 13, 2025, 11:04 PM UTC
Duration
21h 53m
Detected by Pingoru
Sep 13, 2025, 01:11 AM UTC

Affected components

Channel - FacebookChannel - Instagram

Update timeline

  1. investigating Sep 13, 2025, 01:11 AM UTC

    Kustomer is aware of an event affecting Facebook and Instagram Authentication that may cause Pages to fail to display in their selection drop downs in the FB/IG admin UIs while authenticated. Our team is currently working to identify the cause of this issue in an effort to implement a resolution. Please expect additional updates within the next 30 minutes, and reach out to Kustomer support at [email protected] or via chat if you have additional questions or concerns.

  2. investigating Sep 13, 2025, 01:42 AM UTC

    Kustomer is aware of an event affecting Facebook and Instagram Authentication that may cause Pages to fail to display in their selection drop downs in the FB/IG admin UIs while authenticated. Our team is currently working to identify the cause of this issue in an effort to implement a resolution. Please expect additional updates within the next 30 minutes, and reach out to Kustomer support at [email protected] or via chat if you have additional questions or concerns.

  3. investigating Sep 13, 2025, 02:33 AM UTC

    Kustomer is aware of an event affecting Facebook and Instagram Authentication that may cause Pages to fail to display in their selection drop downs in the FB/IG admin UIs while authenticated. Our team is actively investigating the root cause of this issue and working toward a fix. We’ll share another update within 30 minutes. If you have any questions, please contact Kustomer Support at [email protected] or through chat.

  4. investigating Sep 13, 2025, 03:32 AM UTC

    Kustomer is aware of an event affecting Facebook and Instagram Authentication that may cause Pages to fail to display in their selection drop-downs in the FB/IG admin UIs while authenticated. Our team is actively investigating the root cause and working toward a fix. We’ll provide updates as more information becomes available. If you have any questions, please contact Kustomer Support at [email protected] or through chat.

  5. investigating Sep 13, 2025, 03:50 PM UTC

    Kustomer is aware of an event affecting Facebook and Instagram Authentication that may cause Pages to fail to display in their selection drop-downs in the FB/IG admin UIs while authenticated. Our team is actively investigating potential root causes. Work is ongoing and we will continue to share updates as progress is made. If you have any questions, please contact Kustomer Support at [email protected] or through chat.

  6. resolved Sep 13, 2025, 11:04 PM UTC

    Kustomer has resolved an event affecting Facebook and Instagram Authentication that caused Pages to fail to display in selection drop-downs within the FB/IG admin UIs while authenticated. The issue can be addressed through a manual workaround that adds the missing reducers for Facebook. After careful monitoring, our team has confirmed that all affected areas are now fully restored when using this manual workaround. Please reach out to Kustomer Support at [email protected] or via chat if you have additional questions or concerns.

  7. postmortem Sep 29, 2025, 06:07 PM UTC

    # **Summary** Between **September 10, 2025, and September 15, 2025**, customers were unable to log in or reauthenticate via **Facebook, Instagram, and WhatsApp** social channels. Other login methods \(such as email and password\) were unaffected. The root cause was a configuration update to our web security headers that inadvertently blocked required authentication flows. This prevented the login page from loading inside the hidden browser frames these providers use during OAuth. All services were restored by September 15, 2025, following a configuration correction. # **Root Cause** On **September 10, 2025**, a security update was deployed that added restrictive browser directives \(X-Frame-Options: DENY and frame-ancestors 'none'\) across our login endpoints. While these headers improved protection against clickjacking, they also prevented OAuth flows from loading our login page within an , which is required for Facebook, Instagram, and WhatsApp authentication. As a result, customers who needed to reauthenticate tokens for these channels were blocked until the issue was identified and corrected. # **Timeline** * **Sep 10, 2025, 10:51 AM \(EST\):** Security header update deployed. * **Sep 12, 2025, 10:09 AM \(EST\):** First customer reports issues adding Facebook/Instagram pages. * **Sep 12, 2025, 3:04 PM \(EST\):** Incident escalated to Priority 1 as multiple customers were impacted. * **Sep 13–14, 2025:** Teams investigated potential fixes and implemented manual customer workarounds. * **Sep 15, 2025, 2:48 PM \(EST\):** Configuration update deployed to allow necessary domains while removing the conflicting X-Frame-Options. Authentication fully restored. # **Lessons/Improvements** * **Monitoring & Escalation:** The issue could have been escalated more quickly; clearer guidance is being put in place to ensure similar incidents are prioritized earlier. * **Testing Gaps:** Our local development and staging environments did not apply the same header rules as production, which made reproducing the issue difficult. We are updating our environments to align with production behavior. * **Documentation:** Notes on header restrictions were not well-documented across teams. We are improving visibility of known constraints and best practices.