An API authentication bypass vulnerability in Sentry's integration platform was discovered on July 20th. The vulnerability allowed a valid authentication token for the integration platform to be used on endpoints outside of its scope, potentially exposing customer data. Sentry deployed a patch at 14:04 UTC and notified 462 customers who may have been exposed. Forensics revealed that the vulnerability was not exploited in the wild and that no customer data was accessed. The investigation highlighted several challenges, including the lack of association between authentication tokens and access logs, which made it difficult to distinguish valid from invalid requests. As a result of this incident, Sentry improved its metadata management, penetration testing program, forensic tooling, and notification process. The company emphasizes the importance of automated testing, peer review, and education in improving security measures.
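
The following added example (not Sentry's code or tooling) shows the log triage that becomes possible once every access-log entry records which token made the request: each request is checked against the scope of its token, and entries without a token id cannot be judged at all. The token ids, scope prefixes, paths, organization names and log lines are all constructed assumptions.

```python
import json
import posixpath
from collections import defaultdict
from urllib.parse import urlsplit

# Hypothetical token metadata: token id -> path prefixes the token is scoped to.
TOKEN_SCOPES = {
    "tok_int_01": ("/api/integrations/",),                         # integration token
    "tok_usr_07": ("/api/integrations/", "/api/organizations/"),   # user token
}

# Constructed access-log lines (one JSON object per line). "token_id" is the
# field that ties a request to a credential; the last line lacks it.
SAMPLE_LOG = """\
{"ts": "T1", "token_id": "tok_int_01", "path": "/api/integrations/42/", "status": 200, "org": "acme"}
{"ts": "T2", "token_id": "tok_int_01", "path": "/api/organizations/acme/events/", "status": 200, "org": "acme"}
{"ts": "T3", "token_id": "tok_int_01", "path": "/api/organizations/initech/", "status": 403, "org": "initech"}
{"ts": "T4", "token_id": "tok_usr_07", "path": "/api/organizations/globex/?q=1", "status": 200, "org": "globex"}
{"ts": "T5", "path": "/api/organizations/globex/", "status": 200, "org": "globex"}
"""

def in_scope(token_id, raw_path):
    """True only if the normalised path sits under a prefix the token is scoped to."""
    # Drop the query string and normalise before comparing prefixes.
    path = posixpath.normpath(urlsplit(raw_path).path) + "/"
    # Unknown tokens have no prefixes, so they fail closed.
    return any(path.startswith(p) for p in TOKEN_SCOPES.get(token_id, ()))

def classify(rec):
    """Label one log record for the responders."""
    if "token_id" not in rec:
        return "unattributable"  # valid and invalid requests look the same
    if in_scope(rec["token_id"], rec["path"]):
        return "in_scope"
    # Out of scope: a served response is possible exposure, a 4xx/5xx is not.
    return "out_of_scope_served" if rec["status"] < 400 else "out_of_scope_denied"

def triage(log_text):
    """Group organization names by verdict, e.g. to decide whom to notify."""
    verdicts = defaultdict(set)
    for line in log_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            verdicts[classify(rec)].add(rec["org"])
    return dict(verdicts)

if __name__ == "__main__":
    for verdict, orgs in sorted(triage(SAMPLE_LOG).items()):
        print(verdict, sorted(orgs))
```

The `unattributable` bucket is the situation the investigation describes: without a token id on the log line, a request to an out-of-scope endpoint cannot be separated from a legitimate one.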