For a couple of hours last night, every one out of 4 websites I tried to access showed an error page.
Millions of users worldwide trying to access many popular websites such as ChatGPT, X (formerly Twitter), Canva, and League of Legends, were unable to, when Cloudflare had an outage.
All these websites were functioning properly, but because they leveraged Cloudflare’s DNS services, users were not able to access these sites.
The services recovered subsequently, but this brings to light the importance of service resilience, availability and independence.
What happened
According to Oded Vanunu, Head of Vulnerability Research, Check Point Software: “Cloudflare provides DNS services, the mechanism that translates domain names into IP addresses. When this service is disrupted, browsers fail to resolve addresses, and connections to servers break.”
The result: many websites and services become inaccessible even if the servers themselves are operational.
“Beyond DNS, Cloudflare operates a CDN network that accelerates browsing by distributing content copies across servers closer to users,” he added.
“A CDN failure forces all requests to reach the original server, sometimes located far away geographically, which slows loading times and increases core infrastructure load.”
The repercussions
Graeme Stewart, head of public sector, Check Point Software, commented: “Cloudflare going down sits in the same pattern we saw with the recent AWS and Azure outages.
These platforms are vast, efficient and used by almost every part of modern life, he said. “The upside is obvious. Their scale keeps costs low, makes security tools more accessible and gives even small organizations the kind of performance that would once have been impossible.”
The downside is just as clear. “When a platform of this size slips, the impact spreads far and fast and everyone feels it at once.”
According to some research, Cloudflare has more than 20% of the global DNS market, powering access to one-third of the world’s 10,000 most popular sites.
Jake Moore, Global Security Advisor, ESET, added: “The outages we have witnessed the last few months have once again highlighted the reliance on these fragile networks. Companies are often forced to heavily rely on the likes of Cloudflare, Microsoft, and Amazon for hosting their websites and services as there aren’t many other options.”
Moore observed that the problems causing these outages have occurred due to DNS servers that are most likely overwhelmed: “The technology is based on an outdated, legacy network that redirects words in a web addresses into computer-friendly numbers. When this system fails, it catastrophically collapses and causes these outages. However, the problem is that this system cannot be replaced easily. It may sound risky but the major cloud providers actually have lots of impressive failsafes in place and usually provide more protection than the lesser well known cloud providers.”
What does that mean for government and public services?
Stewart said: “During today’s outage, news sites, payments, public information pages and community services all froze.”
That was not because any of these organizations failed on its own. It was because a single layer they all rely on stopped responding.
“People saw a simple error page, but the break reached into the systems that hold up essential services,” continued Stewart.
“From a cybersecurity view, this is the part that matters. Any platform that carries this much of the world’s traffic becomes a target.”
Possible exploits
He warned that even an accidental outage can create noise and uncertainty that attackers know how to exploit.
He explained: “If an incident of this scale were triggered deliberately, the disruption would spread across countries that use these platforms to communicate with the public and deliver basic services.”
With many organizations still running everything through one route with no meaningful backup, a failure along that route means there is no fallback.
“That is the weakness we keep seeing play out,” Stewart emphasized. “The internet was meant to be resilient through distribution, yet we have ended up concentrating huge amounts of global traffic into a handful of cloud providers.”
“Large platforms bring benefits, but events like today show the cost of that decision. Until there is real diversity and redundancy in the system, each outage will hit people harder than it should,” he warned.
