Spreedly incident

Duplicate Payment Method Fingerprints Issued

Minor Resolved View vendor source →

Spreedly experienced a minor incident on June 30, 2025 affecting Fingerprinting, lasting —. The incident has been resolved; the full update timeline is below.

Started
Jun 30, 2025, 02:05 PM UTC
Resolved
Jun 30, 2025, 02:05 PM UTC
Duration
Detected by Pingoru
Jun 30, 2025, 02:05 PM UTC

Affected components

Fingerprinting

Update timeline

  1. resolved Jun 30, 2025, 06:25 PM UTC

    Spreedly has identified an issue where non-unique payment method fingerprints were issued between 16:05 and 17:50 UTC. The issue has been resolved.

  2. postmortem Jul 08, 2025, 02:47 PM UTC

    ## **Postmortem: June 30, 2025 — Incorrect Payment Method Fingerprints Returned** We want to sincerely apologize for an issue that occurred on **June 30, 2025**, where some of our customers received **incorrect or duplicate payment method fingerprints** when tokenizing new payment methods. This issue lasted from **4:05 PM to 5:50 PM UTC**. While no transactions failed and sensitive data was never at risk, we know that accurate fingerprinting is critical to how you manage and deduplicate payment methods, and we’re sorry for the confusion and downstream impact this may have caused. ### What Happened As part of routine security maintenance, we deployed a new encryption key used to manage payment methods. Unfortunately, the deployment included a **misconfigured Parent Data Encryption Key \(Parent DEK\)**. This misconfiguration caused our fingerprinting system to **receive an error from our encryption service**, but that error was **mistakenly interpreted as valid data**. As a result, many new payment methods received the **same fingerprint**, leading to duplicates or incorrect values being returned across all environments. Tokenization and payment processing were unaffected—transactions completed successfully, and all sensitive data remained secure. ### What We’re Doing to Prevent This We’ve already taken several steps to ensure this doesn’t happen again: * Alerting has been implemented for this step in the payment method fingerprinting service * Process changes have been implemented to prevent this type of misconfiguration in the future We’re grateful for your trust and patience. If you believe this incident may have affected your environment, or if you have any questions, please don’t hesitate to reach out to our support team. — The Spreedly Team