That sounds like a possible race condition when multiple requests are executing at the same time. Without knowing anything about the design, perhaps you could look into database transactions. You could also look into generating load via jmeter, but then we wouldn’t get a picture.
From article.
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. … "The breach window was roughly 1:30 PM-2:30 PM Eastern (1830-1930 UTC+0) on 12/25. If you did launch Downfall on 12/25 during the breach window and got a Unity library installer popup, please continue to read. You may be also at risk…