Delayed and incomplete security incident notification

9/10 Critical

Security incidents involving data leaks were not immediately communicated to affected customers. Many hours passed before notifications were sent, and some affected users were never notified, with the company becoming unresponsive to escalations.

Category
security
Workaround
none
Stage
monitoring
Freshness
emerging
Recurring
No
Buyer Type
team
Maintainer
abandoned

Sources

Collection History

Query: “What are the most common pain points with Railway for developers in 2025?4/7/2026

They didn't immediately notify customers about the security incident (people learned from their users). The apparently have emailed affected customers only, many hours after. Some people that were affected that still haven't been emailed, and they seem to be radio silent lately.

Created: 4/7/2026Updated: 4/7/2026