Cloudflare Resolves Global Outage That Disrupted ChatGPT, X

(Bloomberg) -- A major outage on the network of cybersecurity firm Cloudflare Inc. was resolved after disrupting websites ranging from X to ChatGPT around the globe for several hours on Tuesday.

The problem also affected websites for the chief US energy regulator and the New Jersey transit authority. Many services were back online by 10 a.m. in New York.

Cloudflare observed a “spike in unusual traffic” to one of its services around 6:20 a.m. New York time, causing some traffic passing through its network to experience errors, a company spokesperson said. The issue, caused by a configuration file that is automatically generated to manage threat traffic, took less than four hours to fix, Jackie Dutton, a Cloudflare spokesperson, said in a statement.

“The file grew beyond an expected size of entries and triggered a crash in the software system that handles traffic for a number of Cloudflare’s services,” said Dutton. 

There was no evidence of a cyberattack or malicious activity, the statement said. 

Internet usage around the world has been hobbled on several occasions in recent memory due to glitches at companies that provide the digital infrastructure that keeps websites running. Problems at Amazon.com Inc.’s cloud service, CrowdStrike Holdings Inc. and Microsoft Corp. have caused similar issues, underscoring the extent to which the world relies on a small number of firms to remain online. 

Explainer: Why Today’s Internet Is So Fragile

Anthropic PBC said its Claude AI chatbot was affected on Tuesday. 

The website for the Federal Energy Regulatory Commission, which oversees US electricity markets, utilities, power traders and other energy-related matters, was also down. A host of companies, attorneys and regulators depend on the site to access regulatory cases and filings. The websites of global food and agricultural giants including Cargill Inc. and Louis Dreyfus Co. also went down.

New York City’s transit system was also affected by Cloudflare’s outage, according to a spokesperson for the Metropolitan Transportation Authority. The agency’s website on Tuesday urged riders to use its apps — MTAapp or TrainTime — for real-time transit status and trip planning because of a third-party issue affecting many websites. The MTA is the largest public transportation network in the US and runs the city’s subways, buses and commuter rails.

New Jersey Transit similarly said its website and its mobile app were affected and warned that services were temporarily unavailable or slow. 

Cloudflare Chief Technology Officer Dane Knecht apologized for the incident in a post on X on Tuesday. 

“That issue, impact it caused and time to resolution is unacceptable,” he wrote. “Work is already underway to make sure it does not happen again, but I know it caused real pain today. The trust our customers place in us is what we value the most and we are going to do what it takes to earn that back.” 

The company has experienced several outages over the past few years. 

In July 2019, a bug in Cloudflare’s software caused one part of its network to suck up computing resources, leading thousands of websites including that of Discord, Shopify Inc., SoundCloud and Coinbase around the world to go offline for as long as 30 minutes. In June 2022, Cloudflare suffered an outage that affected traffic in 19 of its data centers, also essentially shutting down major websites and services in an incident that lasted about an hour and a half.

Cloudflare’s software is used by hundreds of thousands of companies globally, acting as a buffer between their websites and end users and working to protect their sites from attacks that might overload them with traffic.

Last year, a faulty software update from the cybersecurity firm CrowdStrike Holdings Inc. crashed millions of devices operating on Microsoft Corp.’s Windows systems, disrupting a wide range of industries, including air travel, banks and health care.

CrowdStrike’s outage was the result of an error in a product that operates at the deepest levels of customers’ computers. By contrast, Cloudflare protects internet infrastructure such as websites and platforms, which is why many popular websites go down or are unreliable during Cloudflare outages. Cloudflare largely focuses on keeping websites online and fast, while CrowdStrike focuses on keeping computers and servers safe from attacks. 

The downtime Tuesday is the latest example of the internet’s reliance on “relatively few players,” Alan Woodward, professor of cybersecurity at the University of Surrey, said, describing Cloudflare as the “biggest company you’ve never heard of.”

“People have no choice but to depend on relatively few big names,” said Woodward.

A similar outage at Amazon.com Inc.’s cloud service last month stretched for about 15 hours, disrupting operations at major firms including Apple Inc., McDonald’s Corp., and Epic Games Inc. According to the company, the problem stemmed from a fault in a digital directory tied to a critical database system. That glitch triggered a chain reaction, preventing software dependent on the database from accessing essential information.

While addressing the malfunction, Amazon’s engineers discovered that additional subsystems had also been affected, including one crucial for enabling customers to spin up new rented servers.

©2025 Bloomberg L.P.