Global internet infrastructure provider Cloudflare experienced a significant service disruption on Friday, December 5, marking the second such incident in a matter of weeks.
The outage led to thousands of users reporting connectivity issues and “500 Internal Server Error” messages across a broad spectrum of popular online services.
Monitoring website Downdetector recorded a peak of nearly 4,000 user reports around 9:03 AM UTC on Friday. Data from these reports indicated that 32% of reported problems were related to general website issues, while a substantial 66% stemmed from server connection difficulties.
Cloudflare officially acknowledged the issues at 8:56 AM UTC, stating it was “investigating issues with Cloudflare Dashboard and related APIs.” The company further elaborated on the impact, noting: “Customers using the Dashboard / Cloudflare APIs are impacted as requests might fail and/or errors may be displayed.” However, approximately 16 minutes later, at 9:12 AM UTC, Cloudflare announced that “a fix has been implemented and we are monitoring the results.”
The disruption extended to numerous high-profile platforms that rely on Cloudflare’s services for performance and security. Affected services included social media platforms like X and LinkedIn, streaming service Spotify, AI research lab OpenAI, graphic design tool Canva, and e-commerce platform Shopify.
In Case You Missed It:
Downdetector, an independent online platform, serves as a crucial barometer for service interruptions. It enables users to report problems with widely used digital services, including social media, web hosting, and banking platforms. The site flags an incident only when the volume of problem reports significantly exceeds the typical levels for a given time. Describing its function, Downdetector states it is “where people go when services don’t work.”
Initial reports from Cloudflare indicated that the incident was not a cyberattack. Instead, the company attributed the disruption to “a deliberate change made by its firewall handles data requests, to fix a security vulnerability.” Cloudflare further explained that “a change made to how Cloudflare’s Web Application Firewall parses requests caused Cloudflare’s network to be unavailable for several minutes this morning.” This change was reportedly deployed to mitigate an “industry-wide vulnerability disclosed this week in React Server Components.”
The outage also coincided with scheduled maintenance activities in several U.S. data centres.
