We are committed to transparency regarding the security and privacy of our users. This post is to inform the public of a caching-related security incident that occurred on the ZAIKO platform on March 7–8, 2026.

What happened
Due to a misconfiguration in our CloudFront caching policy on a new endpoint, a small subset of logged-in users attending a specific event were temporarily able to view account information belonging to another user of the same event. The issue was isolated to this event's caching configuration and did not affect any other events or users on the platform.

• Incident period: 21:10 JST, Saturday March 7, 2026 – 12:28 JST, Sunday March 8, 2026

• Resolved: 12:28 JST, Sunday March 8, 2026

The misconfiguration has been identified and corrected, and the issue was fully resolved as of 12:28 JST on March 8, 2026.

Impact
71 users had account data that may have been visible to another logged-in user of the same event. This incident was caused solely by a misconfiguration on ZAIKO's part. The event organizer and artists bear absolutely no responsibility for this matter. The data potentially visible was limited to: name, email address, date of birth, gender, past purchase history, and last 4 digits of registered credit card. Passwords and full card numbers were not exposed at any time. Data was never publicly accessible.

What we did
Upon identifying the issue, we took the following steps:

• Identified and deleted the misconfigured caching policies

• Invalidated the CloudFront cache

• Cleared all active user sessions platform-wide as a precautionary measure

• Conducted a full review of caching configurations across the entire platform

User notifications
We have notified all potentially affected users directly by email on March 9, 2026.

Our commitment
We take the security and privacy of our users seriously. We apologize sincerely to all affected users, event organizers, and performers for the inconvenience this incident has caused. We will continue to review and strengthen our infrastructure to prevent similar issues from occurring in the future.

If you have any questions regarding this incident, please contact us at support@zaiko.io.