GitHub header
We are investigating reports of degraded performance.
Incident Report for GitHub
Beginning at 17:30 UTC on April 11th and lasting until 20:30 UTC on April 14th, saw significant (up to 2 hours) delays in delivering emails. At 14:21 UTC on April 14th, community reports of this were confirmed and an incident declared. Emails most impacted by the delay were password reset and unrecognized device verification, which contain time-sensitive links or verification codes, and are required to be acted on in order for password resets or unrecognized logins to proceed.

Users attempting to reset their password during the incident were unable to complete the reset. Users without two-factor authentication (2FA), signing in on an unrecognized device, were unable to complete device verification. Enterprise Managed Users, users with 2FA, and users on recognized devices or IP addresses were still able to sign in. This impacted 800-1000 user device verifications and 300-400 password resets.

The mailer delays were caused by increased usage of a shared resource pool; a separate internal job queue became unhealthy and prevented the mailer queue from being worked on.

We have made some immediate improvements to better detect and react to this type of situation again. As a short-term mitigation strategy, we have added a queue-bypass ability for time-sensitive emails, like password reset and unrecognized device verification. We can enable this setting if we observe email delays reoccurring, which will ensure that future incidents do not affect user ability to complete critical login flows. We have paused the unhealthy job queue, to prevent impact to other queues using shared resources. And we have updated our methods of detection for anomalous email delivery, to identify this issue sooner.
Posted Apr 14, 2024 - 21:53 UTC
We are seeing a full recovery. Device verification and password reset emails are delivered on time.
Posted Apr 14, 2024 - 21:52 UTC
We are deploying a possible mitigation to the delayed device verification and password change emails.
Posted Apr 14, 2024 - 21:34 UTC
We continue to investigate issues with delays of email deliveries which is preventing users without 2FA enabled from verifying new devices. We will provide more information as it becomes available.
Posted Apr 14, 2024 - 19:54 UTC
We are continuing to investigate issues with the delivery of device verification emails for users without 2FA.
Posted Apr 14, 2024 - 15:50 UTC
We are continuing to investigate issues with the delivery of device verification emails for users without 2FA on new devices.
Posted Apr 14, 2024 - 15:01 UTC
Device verification emails for sign-ins for users without 2FA on new devices are being sent late or not at all. This is blocking successful sign-ins for these users. We are investigating.
Posted Apr 14, 2024 - 14:27 UTC
We are currently investigating this issue.
Posted Apr 14, 2024 - 14:21 UTC