UPDATE (5/30/25): Following an OSF service disruption on May 23, 2025, the Center for Open Science (COS) has initiated a thorough review of our systems. COS has found no evidence that any third party compromised our system's security mechanisms or gained access to any private information.
In our review, we:
- Evaluated both Application logs and Audit logs, which document all system actions with timestamps, within a 12-hour window prior to and including this event. We found an Audit log trail congruent with our initial analysis of this incident, proving that the virtual machines running our clustered database instances were upgraded over a 7-minute window spanning 05:25:26.877 GMT-4 to 05:32:44.437 GMT-4 as a result of an unplanned automated system action initiated by OSF’s cloud service provider, Google Cloud Platform (GCP). This automated upgrade led to the corruption and loss of our database, necessitating restoration from our most recent backup before the incident.
- Examined Identity and Access Management (IAM) roles and Role-Based Access Controls (RBAC) governing access to our systems over a thirty-day period prior to and including this incident.
- Conducted a thorough review of all changes to firewall rules and other networking policies over a thirty-day period prior to and including this event.
We have also opened support tickets with our Cloud vendor to consult on additional measures we can take regarding threat monitoring and incident log analysis.
Additionally, we are taking steps to strengthen our infrastructure and prevent disruptions in the future. In the near term, we’re improving how we monitor infrastructure update timelines and have increased the frequency of database snapshots to enhance recoverability. Additional changes are under discussion as part of the review of our systems and safeguards.
###
(5/24/25) The Center for Open Science (COS) maintains the Open Science Framework (OSF) that supports researchers conducting and sharing their research. The purpose of this message is to provide information about a recent service disruption that resulted in data loss for a subset of users.
What happened?
On Friday, May 23, there was a disruption to OSF’s database. The cloud service provider for OSF, Google Cloud Platform (GCP), triggered an update at 5:24:16 AM GMT-4 that conflicted with the versions and settings of OSF services and corrupted the database. COS staff were notified of the service irregularities at 5:34 AM GMT-4, and OSF services were immediately taken offline to assess and address the disruption. We identified the cause and resolved it by restoring a database backup. The most recent backup was created on Thursday, May 22, 2025, at 10:03:24 PM GMT-4, meaning that OSF content modified and actions taken within a 7.5-hour window between May 22, 2025, 10:03:24 PM GMT-4 and May 23, 2025, at 5:24:16 AM GMT-4 were unrecoverable. We cannot recover the lost content; however, no data was exposed or compromised during this disruption. All services, including the database backup, were restored at 10:03 AM GMT-4, approximately 4.5 hours after the disruption occurred.
Are my records affected?
If you posted files or made modifications during the 7.5-hour window, then those changes were lost. We conducted a manual review of notification and log systems and identified all affected users. We have contacted those users by email to inform them of the disruption and offer assistance. If you believe that you were affected and did not receive an email, please contact us via support@osf.io.
Why was the downtime so long?
We initiated assessment and correction immediately upon observing the disruption and kept the services offline until validating that the database was fully operational and recovered to the most recent version for continued use.
Next steps
We are taking this incident very seriously and thoroughly investigating what happened and what can be improved to avoid future disruptions. We will also review our processes to identify opportunities for more rapid and comprehensive backup restoration procedures. A post-mortem is planned for next week with the internal teams.
We know that trust depends on transparency and reliability. We apologize to the users who were affected by the data loss, and for the disruption in the availability of the service. This type of data loss is extremely rare, and should be nonexistent. We are taking steps to prevent it from happening again and to ensure the OSF remains a dependable tool for the research community.