Social media sites X and Facebook, design platform Canva, music streaming platform Spotify and AI chatbot ChatGPT were among many websites affected by an outage at internet infrastructure firm, Cloudflare.
DownDetector said users reported more than 10,000 issues related to Cloudflare and websites were down for several hours. Cloudflare said it has now fixed the issue.
Today’s incident follows a major outage at Amazon Web Services in October.
Posting on X, Dane Knecht, Cloudflare CTO, said:
“I won’t mince words: earlier today we failed our customers and the broader Internet when a problem in Cloudflare network impacted large amounts of traffic that rely on us. The sites, businesses, and organizations that rely on Cloudflare depend on us being available and I apologize for the impact that we caused.
“Transparency about what happened matters, and we plan to share a breakdown with more details in a few hours. In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services. This was not an attack.
“That issue, impact it caused, and time to resolution is unacceptable. Work is already underway to make sure it does not happen again, but I know it caused real pain today. The trust our customers place in us is what we value the most and we are going to do what it takes to earn that back.”
Reaction to the Cloudflare outage
Experts commenting on the Cloudflare outage said it highlights the vulnerabilities of digital infrastructure.
Rowan O’Donoghue, chief innovation officer and co-founder at Origina, said:
“The most likely cause of this huge global disruption is almost certainly a boring, explainable engineering mistake or failure in a central system from one single company.
“It shows how the digital world is tethered to a handful of hyperscalers and infrastructure giants. When one goes down, businesses everywhere suffer – and today’s Cloudflare outage proves it.
“This isn’t just about inconvenience; it’s about systemic risk. Vendor lock-in and forced upgrade cycles have created fragile ecosystems that prioritise scale over resilience.
“The future shouldn’t be ‘cloud-first’ – it should be choice-first. Businesses need strategies that reduce dependency, retain control, and balance innovation with stability.
“Choice is power. Outages like this are a stark reminder why we should be rethinking how we build digital infrastructure moving forward.”
Fadl Mantash, chief information security officer at Tribe Payments, said:
“Today’s Cloudflare outage shows how vulnerable the digital economy has become. When a single upstream provider experiences issues, the impact doesn’t stay contained; it cascades across industries, touching everything from social media platforms to e-commerce checkouts and backend payment services.
Payments are particularly exposed. The infrastructure behind a single transaction relies on a chain of cloud platforms, processors, third-party APIs, authentication tools, and card schemes. When any link in that chain fails, the entire journey can break. It’s the same pattern we saw during last year’s CrowdStrike incident: the initial issue wasn’t in payments, yet payments were among the most visible casualties.
“This is exactly why resilience can’t start at the moment of crisis. The payments industry needs to adopt the ‘prepper’ mindset – building modular systems that isolate faults, rehearsing failure scenarios, and ensuring teams know precisely how to respond when something goes down. This also reflects the importance of adhering to robust frameworks in our day-to-day activities. As a highly regulated industry, the many compliance frameworks provide critical guarantees that cover not just security, but also resilience against incidents.
“Resilience is one side of the foundational information security triad: confidentiality, integrity, and availability. Companies need to make all three principles their ‘bread and butter’. By ensuring the confidentiality of sensitive data, the integrity of transactions, and the availability of services even during disruptions, we can build a more secure and trustworthy financial ecosystem.”
Thomas Gillan, CEO at BR-DGE, said:
“Today’s Cloudflare outage is another reminder of just how fragile the internet’s backbone can be, and how quickly a single point of failure can ripple through global commerce. When a core infrastructure provider goes down, everything connected to it feels the impact. When an outage like this occurs, it’s not just a single site going offline, but potentially all the dependent services, from checkout pages to payment APIs and token services, that fail together.
“For merchants that rely on a single payment provider plus a single hosting or edge layer, the risk compounds: an infrastructure outage can cascade into a payments disruption, revenue loss and stalled expansion.
“Our latest research shows that 92% of enterprise e-commerce merchants have suffered payments outages in the past two years, with some losing more than £10 million. Events like today underline why businesses can’t afford to rely on one provider or one route to keep revenue flowing.
“Resilience isn’t a ‘nice to have’, it’s a strategic necessity. Merchants need payment infrastructures that can reroute traffic automatically, maintain performance under pressure and prevent a technical issue – anywhere in the chain – from becoming a business-critical outage.”