On Nov 27 at 14:45 GMT we identified a malfunctioning of our web app that caused git author information to be associated to the wrong organisation for some customers.
After investigating the issue, we have established that this was caused by a non-thread-safe routine triggered by our beta scanning engine that was being piloted by some customers.
This incident affected only a minority of our customers that were part of our early-preview program, who experienced code reviews being improperly locked, as well as incorrect suggestions being prompted requesting to license additional developers, and disclosing their email addresses.
We established that no user access anomaly occurred. The security of source code was not affected by this incident.
On Nov 27, 2019 at 15:37 GMT we released a fix and started monitoring the system to ensure the issue is resolved.
We are taking steps to improve our internal processes and ensure these circumstances are covered more robustly by our internal quality assurance process.