The global rights changes (CentralAuth) and cross-wiki rights changes (MW core) systems rely on separate objects that are like User but called UserRightsProxy and CentralAuthGroupMembershipProxy to carry out rights changes. They basically rely on the Special:UserRights code in core to do a lot of the work, like calling addGroup/removeGroup and logging and things.
Global user rights (and to a slightly lesser extent cross-wiki user rights changes) are important - they manage things like staff, steward and system administrator access on-wiki, often covering things restricted by https://wikimediafoundation.org/wiki/Access_to_nonpublic_data_policy.
https://gerrit.wikimedia.org/r/#/c/180328/ started requiring User::addGroup to return a boolean true before changes would be logged, but these other classes did not get updated. This was deployed to Wikimedia wikis as part of 1.25wmf16 and hit metawiki (where stewards tend to use these functions) on the 10th of February (aka, yesterday) at 20:28 UTC, as part of group1.
A user (Ajraddatz) noted in https://meta.wikimedia.org/?diff=11227546 that he'd made a global user rights change but it did not get logged. I noticed this and a couple of us talked about it in #wikimedia-stewards - @hoo worked out why it was happening and came up with a fix, which I've reviewed and deployed (while Greg was unavailable - https://gerrit.wikimedia.org/r/#/c/189888/ and https://gerrit.wikimedia.org/r/#/c/189879/). We've since tested that the fix worked, but now we need to work out what changed that should have been logged.
For global user rights changes we just need to know what changed in centralauth.global_user_groups since 20:28 UTC 2015-02-10, but for cross-wiki rights I think we'd need to go through each wiki's local user_groups table changes since then and manually filter out changes that were made and logged locally (i.e., not changes made via meta).