Cloudflare, one of the biggest DDoS and security providers on the internet, suffered a major outage yesterday, knocking out several major websites, including X, OpenAI, and even some McDonald’s branches across the globe. Its chief technology officer has since apologized for the massive error, while its co-founder, Matthew Prince, has since released the details of the cause of the outage on the company blog.
Since Cloudflare is a web security outfit that protects a big chunk of the internet from DDoS and other similar network intrusions, one of the first thoughts of the company was that it was under attack. In fact, Microsoft released a report of a record-breaking DDoS attack against its servers on the same day that the Cloudflare issue happened. However, the company realized that it was actually caused by a configuration error after further investigation.
“The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind. Instead, it was triggered by a change to one of our database systems’ permissions, which caused the database to output multiple entries into a 'feature file' used by our Bot Management system,” Prince wrote in the blog. “That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.”
Although the file that caused the error was deployed at 11:05 UTC, its impact was first felt 23 minutes later at 11:28. The outage was initially intermittent, especially as the misconfigured file propagated throughout Cloudflare’s infrastructure. After 13:00 UTC, the error had completely taken over the network, and it wasn’t until 14:30 UTC that it was identified and resolved. By 17:06 UTC, all affected services were restarted, and traffic has returned to normal.
While there are alternatives to Cloudflare, it’s one of the biggest CDN providers on the market, owning around 28% of the market share, according to Blazing CDN. This meant that an issue with the company could potentially take down a third of the internet. However, this isn’t the first massive outage of 2025 — Amazon Web Services went down in late October, crippling several online services, while a buggy CrowdStrike update caused Windows machines all over the globe to BSOD in July.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.