Web traffic protection specialist Cloudflare is racing to recover its systems after an unspecified outage affecting its Access zero-trust platform downed multiple public-facing services, including OpenAI’s ChatGPT, outage information aggregator DownDetector and social media platform X.
The issue first came to wider attention at around 11.20am in the UK – approximately 7.00am on the east coast of the US – and was initially described by Cloudflare as an “internal service degradation” causing intermittent impacts to some services.
At approximately 1.00pm UTC, Cloudflare was forced to take further steps affecting UK users specifically, pulling its WARP proxy tunnelling client offline, meaning users in London trying to access the internet via WARP saw their connections fail.
In an update made at 1.13pm UTC (8.13am EST), Cloudflare said: “We have made changes that have allowed Cloudflare Access and WARP to recover. Error levels for Access and WARP users have returned to pre-incident rates. We have re-enabled WARP access in London.”
Other remediation works are ongoing, as reports of disrupted services continue to trickle in.
Cloudflare, which is well known for its frontline cyber defensive work in blocking distributed denial of service (DDoS) attacks, did not disclose any further information about the nature of the issue, nor whether or not it had itself fallen victim to a cyber attack.
A Cloudflare spokesperson told Computer Weekly: “We saw a spike in unusual traffic to one of Cloudflare’s services beginning at 11.20am UTC. That caused some traffic passing through Cloudflare’s network to experience errors. We do not yet know the cause of the spike in unusual traffic. We are all hands on deck to make sure all traffic is served without errors. After that, we will turn our attention to investigating the cause of the unusual spike in traffic.
“We will post updates to cloudflarestatus.com and more in-depth analysis when it is ready to blog.cloudflare.com,” they added.
Repeating patterns
Cloudflare’s period of downtime, albeit brief, comes in the wake of other high-profile outages at tech giants such as Amazon Web Services (AWS) and Microsoft Azure, which caused chaos at multiple downstream organisations.
Graeme Stewart, head of public sector at Check Point, said the upside of such large platforms was clear – in that their scale keeps costs low, gives smaller organisations access to enterprise-grade performance and, in Cloudflare’s case, improves accessibility to security tools. However, he added, the downside is just as clear.
“When a platform of this size slips, the impact spreads far and fast, and everyone feels it at once,” he said.
“During today’s outage, news sites, payments, public information pages and community services all froze. That was not because each organisation failed on its own. It was because a single layer they all rely on stopped responding. People saw a simple error page, but the disruption reached into the systems that hold up essential services.”
Stewart added: “From a cyber security view, this is the part that matters. Any platform that carries this much of the world’s traffic becomes a target. Even an accidental outage creates noise and uncertainty that attackers know how to use. If an incident of this scale were deliberately triggered, the disruption would spread across countries that use these platforms to communicate with the public and deliver essential services.”
Once again, said Stewart, users were paying the price for a lack of choice in the industry and the concentration of huge amounts of global traffic into a few large providers.
“Large platforms bring benefits, but events like today show the cost of that decision. Until there is real diversity and redundancy in the system, each outage will hit people harder than it should,” he said.
