Mysterious webhooks in production environment

Hi there, today we received a slew of mysterious webhooks in our production environment that don’t seem to correspond to any jobs we’ve requested. The Stuart job IDs are 295488634 and 295489019. In the first case there was a single isolated webhook, but in the latter we received a full lifecycle-worth.

In both cases querying the jobs endpoint with the above job IDs returns a 403.

In diagnosing we noted that the client reference values aren’t consistent with the format we use (we use XXXXXX where the values were XXXX-XXXX-XXX_XXXXXXXXXXX). Finally, as best I can tell the pickup locations don’t match any of our stores.

I’m wondering if perhaps we were mistakenly sent webhooks intended for another customer, or maybe these were inadvertently created by Stuart during internal testing?

Let me know if you’d like to see the full payload, not posting publicly out of an abundance of caution.

Thanks in advance!

Hi there, we’re continuing to see the same behavior today. So far today we’ve received a lifecycle-worth of webhooks for 3 jobs we’ve never requested:

  • job ID 295501282 / delivery ID 304792107 / client reference 5680-8591-08_10285492623
  • job ID 295508791 / delivery ID 304800312 / client reference 5680-8744-131_10285562150
  • job ID 295507270 / delivery ID 304798630 / client reference 5680-8699-021_10285548190

This is currently blowing up our alerting - would be great to get some eyes on this (especially in case this is another customer’s data leaking across firm boundaries: all of these jobs seem to involve a pickup at the same retailer’s stores).
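
A receiver-side check for the situation described in the two posts above, as an added example that is not part of the original thread and not Stuart's code: it accepts a webhook only if its job ID is one we created and its client reference is the one we sent. The payload keys `job_id` and `client_reference`, the six-character reference format and the sample job `100001` are assumptions.

```python
import re

# Assumption: our client references are six alphanumeric characters
# (the thread masks the real format as XXXXXX).
OWN_REFERENCE = re.compile(r"[A-Za-z0-9]{6}")


def classify_webhook(event, requested_jobs):
    """Return the reasons (empty list = ours) to distrust one webhook event.

    event uses hypothetical keys "job_id" and "client_reference";
    requested_jobs maps job IDs we created to the reference we sent.
    """
    reasons = []
    job_id = event.get("job_id")
    reference = event.get("client_reference")
    if job_id not in requested_jobs:
        reasons.append("job_id was never requested by us")
    elif requested_jobs[job_id] != reference:
        reasons.append("client_reference differs from the one we sent")
    if not isinstance(reference, str) or not OWN_REFERENCE.fullmatch(reference):
        reasons.append("client_reference is not in our format")
    return reasons


def triage(events, requested_jobs):
    """Split events into (accepted, quarantined).

    Quarantined entries keep only the job ID and reasons, so a payload that
    may belong to another customer is not copied into logs or alerts.
    """
    accepted, quarantined = [], []
    for event in events:
        reasons = classify_webhook(event, requested_jobs)
        if reasons:
            quarantined.append({"job_id": event.get("job_id"), "reasons": reasons})
        else:
            accepted.append(event)
    return accepted, quarantined


# Constructed sample data: the first job is ours; the second reuses a job ID
# and client reference quoted in the thread.
REQUESTED = {100001: "AB12CD"}
SAMPLE_EVENTS = [
    {"job_id": 100001, "client_reference": "AB12CD"},
    {"job_id": 295501282, "client_reference": "5680-8591-08_10285492623"},
]
```

Routing the quarantined list to a low-priority queue rather than the main alert channel keeps foreign events visible for the provider's support team without paging on each one.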

Hi @mirek,

Thanks for flagging this.

As mentioned in our direct chat, there’s an ongoing issue we’re working to resolve — ideally by the end of today.

I’ll keep you updated.

Best,
