“I panicked—what happened?” Cloudflare outage triggers global internet chaos

“I panicked—what happened?” Cloudflare outage triggers global internet chaos

On Tuesday morning Eastern Time, internet infrastructure service provider Cloudflare stated that its global network was experiencing anomalies, causing a large number of websites—including the social media platform X—to encounter "internal server error" and other access issues. Users were unable to access many websites and services, including retail, e-commerce, social media, financial services, and transportation-related platforms. The company later claimed that the issue was resolved in less than four hours.

During the outage, some functions of X were interrupted, and many websites also became inaccessible. According to data from the outage tracking platform Downdetector, besides X, a large number of sites were affected, and related reports kept rising. Users visiting websites such as X, ChatGPT, DoorDash, IKEA, and the Metropolitan Transportation Authority (MTA) of New York City saw error messages related to Cloudflare.

Subsequently, a female spokesperson for Cloudflare said that at around 6:20 a.m. Eastern Time, one of their services experienced an abnormal surge in traffic, causing errors in the traffic passing through the company’s network.

Another Cloudflare spokesperson, Jackie Dutton, said in a statement that the issue was caused by an auto-generated configuration file used to manage threat traffic, and the fix took less than four hours. The company stated that the core fix had been deployed but cautioned that the system “still needs time to fully stabilize.”

Dutton said:

"The number of entries in this file exceeded the expected size, triggering a software system crash responsible for handling traffic for some Cloudflare services."

The statement said there was no evidence the incident was related to a cyberattack or malicious activity.

The scope of the outage was extremely wide. Downdetector stated on its platform that during Cloudflare’s downtime, “there were over 2.1 million reports of affected services,” indicating that this event was one of the more serious infrastructure-level outages in recent years.

After the incident, Cloudflare’s stock price plummeted 7% at the opening on Tuesday, but the decline narrowed afterwards.

There was also a reaction in the digital asset industry. Binance co-founder and former CEO Zhao Changpeng posted on X: “Blockchain kept working,” implying that decentralized systems were not affected by the incident.

By 12:15 p.m. Eastern Time, Cloudflare stated that the system was gradually recovering, but some regions worldwide might still experience access errors, decreased performance, or login issues. The company will keep updating the repair progress on its status page.

Over-Reliance on a Few Companies

In recent years, global internet usage has been paralyzed several times due to issues with digital infrastructure providers. Companies like Amazon Web Services (AWS), CrowdStrike Holdings Inc., and Microsoft have all experienced similar incidents, highlighting the world's heavy reliance on just a handful of companies for services.

Services from Cloudflare and AWS are almost “invisible” to ordinary users, but their tools support the large number of websites and services that consumers use daily.

Last month, AWS crashed and left parts of the internet paralyzed, making websites and applications unusable for millions of users, hindering retail sales, interrupting social media and financial services, and affecting many businesses. Last year, a vulnerability in a tool used by cybersecurity company CrowdStrike caused widespread computer system crashes globally, resulting in thousands of flight delays and cancellations and throwing the operations of government agencies and large enterprises into chaos.

Graeme Stewart, an expert at California cybersecurity company Check Point Software, said such incidents highlight the internet’s over-reliance on a few infrastructure providers.

He said:

"Many institutions still let all key services rely on a single path, and there isn’t a truly effective backup. If that path has a problem, there is no fallback plan. That’s the issue we keep seeing."

Alan Woodward, a cybersecurity professor at the University of Surrey, said Tuesday’s incident once again demonstrated the internet’s dependence on “a handful of players.” He described Cloudflare as “the biggest company you’ve never heard of.”

"People have no choice but to rely on these few large companies."

Chief Technology Officer Apologizes

Cloudflare CTO Dane Knecht apologized for the incident. He wrote on X:

"When there is a problem with the Cloudflare network, impacting the vast traffic that relies on us, we have let down our customers and the entire internet. The issue itself, the impact it caused, and the time it took to resolve are all unacceptable. We have started work to make sure this doesn’t happen again, but I know today we caused you trouble. Our customers’ trust is most important, and we will do everything possible to win that trust back."

Cloudflare has experienced similar outages several times in recent years.

In July 2019, a bug in Cloudflare’s software caused some network modules to overuse computing resources, taking offline thousands of websites relying on Cloudflare (including Discord, Shopify, SoundCloud, and Coinbase) for up to 30 minutes. In June 2022, Cloudflare had an outage affecting traffic at 19 of its data centers, paralyzing multiple major websites and services for about an hour and a half.

Cloudflare’s software is used by hundreds of thousands of companies worldwide as a buffer layer between corporate websites and end users, protecting sites from traffic attacks or outages caused by traffic surges.

Last year, a buggy software update released by cybersecurity company CrowdStrike caused millions of devices running Microsoft Windows systems to crash, causing large-scale chaos across industries including aviation, banking, and healthcare.

CrowdStrike's outage stemmed from a bug in a product running at the lowest level of customers' computers. Cloudflare, on the other hand, protects internet infrastructure such as websites and platforms, so when Cloudflare goes down, many popular websites become inaccessible or have issues. Cloudflare is mainly responsible for "keeping websites online and fast," while CrowdStrike focuses on protecting computers and servers from attacks.

Risk Warning and DisclaimerThe market carries risks, and investments should be made cautiously. This article does not constitute personal investment advice and does not take into account individual users' specific investment objectives, financial situations, or needs. Users should consider whether any opinions, views, or conclusions in this article are suitable for their own circumstances. Investing based on this is at your own risk.