A software error in Cloudflare’s network triggered widespread internet disruptions November 18, taking down thousands of websites and services for approximately four hours.
The outage began at 11:20 UTC (Coordinated Universal Time) when Cloudflare’s network experienced significant failures in delivering core traffic. Users attempting to access affected websites encountered error pages indicating failures within Cloudflare’s infrastructure. Major platforms including X, formerly known as Twitter, ChatGPT, Spotify, Discord, News Ghana and cryptocurrency services experienced partial or complete service interruptions during the incident.
The disruption stemmed from a bug in generation logic for a Bot Management feature file, according to Cloudflare’s incident report. A change to one of the company’s database systems caused the database to output multiple entries into the feature file used by Bot Management, doubling its size beyond expected parameters. That oversized file was then propagated across all machines comprising Cloudflare’s global network.
Software running on these machines reads the Bot Management feature file to maintain current threat intelligence. When the larger than expected file reached the traffic routing systems, it triggered crashes in the software handling traffic for multiple Cloudflare services. The company initially suspected a large scale distributed denial of service attack before correctly identifying the configuration file as the root cause.
Cloudflare said there was no evidence the outage resulted from a cyberattack or malicious activity of any kind. Doug Madory, director of internet analysis at Kentik, confirmed he saw no evidence of a distributed denial of service (DDoS) attack. Such an attack against Cloudflare would have been particularly surprising given the company’s role as a leading provider of protection against such threats.
Engineering teams stopped propagation of the oversized file and replaced it with an earlier version, restoring core traffic flow by 14:30 UTC. Work continued over subsequent hours to mitigate increased load on various network components as traffic rushed back online, with all systems functioning normally by 17:06 UTC.
Cloudflare provides content delivery network services, security protections and infrastructure management for approximately 20 percent of websites globally. The company’s services help manage traffic, guard against cyberattacks and optimize performance for businesses worldwide. This extensive reach meant the outage affected a disproportionately large segment of internet services relative to a single point of failure.
Affected platforms included OpenAI’s ChatGPT artificial intelligence service, which acknowledged issues caused by a third party service provider on its status page. Social media platform X experienced significant disruptions with thousands of users reporting failures on mobile and web applications. Digital tools including Canva, Shopify, Medium, League of Legends and multiple cryptocurrency exchanges also suffered outages.
The incident’s scope was such that even Downdetector, a service designed specifically to track outages, reported problems accessing its own platform. Some users experienced difficulties with payment processors and food delivery services. Gaming platforms League of Legends and Valorant saw connectivity problems, with developer Riot Games acknowledging they were investigating issues causing players to disconnect.
Website maintenance service SupportMy.website estimated economic losses between five billion and 15 billion dollars for each hour of the outage. The firm noted that approximately 35 percent of Fortune 500 companies rely on Cloudflare services, making the disruption particularly costly for enterprise operations. Jason Long, founder of the maintenance service, said businesses often don’t realize their dependence on Cloudflare infrastructure until outages occur.
Dane Knecht, Cloudflare’s Chief Technology Officer (CTO), issued a public apology on X following the incident. He acknowledged the company failed its customers and the broader internet community during the disruption. Cloudflare’s statement emphasized that given the company’s importance in the internet ecosystem, any outage of its systems is unacceptable.
The November outage follows a pattern of major internet infrastructure disruptions in recent months. Amazon Web Services experienced a daylong disruption in October 2025 affecting numerous online services, followed by a global outage of Microsoft’s Azure cloud and Office 365 services. These sequential failures highlight vulnerabilities associated with internet concentration among a small number of large infrastructure providers.
Previous major outages underscore this recurring challenge. A June 2021 Fastly configuration error took down major sites including The Guardian, CNN and Reddit. Cloudflare itself experienced a July 2019 outage caused by a regular expression error that produced widespread disruptions. The October 2016 Dyn attack targeted a Domain Name System (DNS) provider, affecting Twitter, Netflix and PayPal.
Network infrastructure experts note that modern internet architecture faces an inherent tension. The same centralization that delivers efficiency, cost savings and performance improvements simultaneously creates systemic vulnerabilities when single providers experience technical failures. Organizations relying heavily on any one infrastructure provider face risks from operational failures, misconfigurations or service degradations beyond their direct control.
Cybersecurity analysts recommend several resilience strategies to mitigate such risks. These include establishing redundant DNS providers, implementing multi content delivery network strategies, maintaining hybrid cloud approaches and ensuring backup systems remain functional. Independent monitoring and logging systems that don’t rely on the same provider delivering core services can help organizations validate outages and make informed decisions during disruptions.
Cloudflare announced it would conduct a deeper investigation into the incident and post detailed analysis on its engineering blog. The company said no configuration changes would be made during the monitoring period as teams continued observing platform behavior. Cloudflare shares traded down 3.5 percent in premarket activity following the outage disclosure, though the stock recovered some losses during regular trading hours.
The incident reinforces lessons about infrastructure dependency management for businesses of all sizes. Organizations focusing solely on defending against malicious threats sometimes overlook resilience planning for operational failures from trusted service providers. Regular evaluation of external dependencies, simulation of downtime scenarios and verification of failover mechanisms can reduce operational impact when inevitable outages occur at major providers.
