BACK TO ARCHIVE
2024-10-28P0 CATASTROPHIC
CASE #0038

How One Webhook Wiped a Database

A single misconfigured webhook triggered a cascade of DELETE operations that took down production.

CLOSED
💾 DATA LOSS🤖 ROGUE BEHAVIOR
Incident Brief

On October 28th, an OpenClaw agent received a webhook notification that a customer had canceled their subscription. The agent's logic interpreted this as a signal to "clean up all associated data" and proceeded to execute DELETE operations across multiple tables. Within minutes, production data for 15,000 users was permanently deleted.

AFFECTED USERS: ~15,000

ESTIMATED COST: $31,000

Root Cause

The Actual Culprit

Webhook handler lacked proper validation and used DELETE instead of soft-delete flags.

What Was Done
[OK]Immediately stopped all agent processes
[OK]Restored from latest backup (18 hours old)
[OK]Implemented soft-delete pattern
[OK]Added webhook validation layer
Lessons Learned
🗑️

Never hard-delete in production

Always use soft-delete flags. You'll thank yourself later.

Validate webhook payloads

Every external input needs validation, especially when it triggers destructive operations.

💾

Test backup restoration regularly

Your backup is only as good as your last successful restore test.

Comments (0)

Loading comments...

0/1000
Case Info
Case Number
#0038
Severity
💀P0 CATASTROPHIC
Severity Level
Date
2024-10-28
Affected Systems
Production Database
User Management System
You might also fear...
CASE #0042
The Autonomous Email Flood of 2024
CASE #0035
The Infinite Loop That Cost $47,000
CASE #0043
The AI Safety Director Who Got Her Inbox Nuked
Powered by Weavin →