Large parts of the web are down for thousands of people – including X, formerly called Twitter – amid a problem with Cloudflare.
Issues with the platforms, which also include PayPal, ChatGPT, Letterboxd and bet365, began at around 11.20am.
The list of impacted sites includes the Scottish Parliament, Vinted, and one of the world’s most popular video games, League of Legends.
Problems with ID.me, the US government’s verification website, have also been flagged by users.
Have you been impacted? Get in touch with us by emailing josh.milton@metro.co.uk
Metro reader Marion Fenlon, who is in her 60s and lives in East Sussex, said she is struggling to pay her parking ticket and can’t buy anything online.
Why has some of the internet gone down?
Cloudflare is a company that helps nearly two in 10 websites secure and manage their internet traffic. Many of the platforms that were knocked offline use their servers.
More than 11,000 people were reporting issues with Cloudflare at 11.40am, according to outage tracker Downdetector.
Cloudflare said on its status webpage that the issue has been fixed, adding: ‘We believe the incident is now resolved.’
The company’s co-founder and CEO, Matthew Prince, apologised ‘for the pain we caused the Internet’ in a blog post.
Prince said that the outage was caused by the system it uses to protect websites from distributed denial of service (DDoS) attacks crashing.
DDoS are an attempt to disrupt a server’s traffic by overwhelming it, though Prince stressed the outage was not itself caused by a cyberattack.
A lot of technical jargon, but the system uses AI to figure out if it’s a human or a bot trying to access a website protected with Cloudflare. During this, the AI makes a file to jot down notes.
Cloudflare tweaked how the system makes a file and it’s here that the hiccup happened – the AI model made multiple copies of the same file, causing the system to buckle under the pressure of all these files.
Prince added: ‘After we initially wrongly suspected the symptoms we were seeing were caused by a hyper-scale DDoS attack, we correctly identified the core issue and were able to stop the propagation of the larger-than-expected feature file and replace it with an earlier version of the file.’
Is the outage a privacy risk at all?
Rob Jardin, Chief Digital Officer at NymVPN, warned to Metro that the answer might be yes.
‘As Cloudflare is the intermediary between millions of users and the web, including through many VPN and crypto services, this can reveal the real IP addresses of people, creating opportunities for specific cyber attacks like a denial of service attack (DDoS),’ he said.
”Imagine you’re texting a friend, and suddenly the person managing the phone network can see who you are and what you’re doing. That’s essentially what happens.
‘Your real physical location (IP address) and the list of every website you try to visit (DNS queries) can be briefly exposed to anyone watching, including hackers or surveillance systems.’
Jardin added that today’s disruption is similar to the outage that shook Amazon Web Services, a major provider of cloud services.
AWS suffered a glitch during an update, causing an hours-long outage that dragged government websites, banks, games, streaming services, airlines and crypto platforms offline.
Ookla, which runs Downdetector, previously told Metro that the outage impacted at least 16 million people across 60 countries.
Are companies too reliant on third-party services like Cloudflare?
Going online is actually quite a tall order – and isn’t as invisible as it might feel to users.
It involves having giant data centres that can carry out demanding tasks like streaming video, running web applications and storing data.
More Trending
These centres cost a pretty penny, so many companies instead rent them out from the tech giants that can afford to make and run them, like Amazon. Same goes for cybersecurity services like Cloudflare.
The recent outages show what happens when too many websites rely on one giant company’s infrastructure, Georgina O’Toole, a chief analyst and partner at TechMarketView, told Metro.
‘Hidden infrastructure, like Cloudflare, is easy to forget about when it is working, but as soon as it fails, the implications are widespread,’ she said.
‘The topic of organisational resilience will once again rise to the top of boardroom agendas, with conversations turning to how best to spread risk, reduce impact and mitigate against issues that can’t be prevented.’
