Major internet outage as cloud services provider suffers issues

Sites such as Reddit, Spotify, Amazon and Gov.UK were all affected, as well as major news outlets such as the Guardian, Financial Times, Independent and the New York Times. Visiting these sites and specific web pages resulted in the basic error message: “Error 503 Service Unavailable”.

The Guardian tweeted: “The Guardian’s website and app are currently being affected by a wider internet outage and will be back as soon as possible.”

According to a number of reports from news organisation on Twitter (which appears to be unaffected by the outage), a company called Fastly appears to be to blame.

Fastly provides cloud security services to websites including denial-of-service attack protection, bot mitigation, and a web application firewall.

The US firm has confirmed it is “currently investigating potential impact to performance with our CDN (content delivery network) services”.

Michael Barragry, security consultant at Edgescan, said: “CDNs have become ubiquitous in today’s web. Although they are primarily used to ensure smooth delivery of resources so that websites can perform optimally, they also often supply additional security features such as WAF-like traffic filtering and DDoS protection.

“The exact nature of this “issue” is unclear, but given how vast the impact appears to be, it looks to have transcended any failover or redundancies that were in place. This outage could also represent a window of opportunity for further attacks – especially against those sites which have an over-dependence upon CDN infrastructure for their security.

“Additional independent security layers should be used where appropriate to ensure that no single point of failure is present.”

Professor Mark Rodbert, visiting professor in computer science at the University of York and founder of cybersecurity firm Idax Software, said the incident showed the internet was too reliant on a small number of companies to stay online.

“It is remarkable that within ten minutes, one outage can send the world into chaos,” he said.

“This demonstrates the extent to which the move to the cloud has changed the things that companies need to protect.

“Whether the people inside a company or a supplier have made a mistake, or malicious perpetrators outside the perimeter have created the problem, it’s so important that we create firebreaks in the system so that if one company, or even just one well-connected employee, is compromised, the whole system isn’t brought to its knees.”

UPDATE 12.30PM: The outage seems to have been fixed and the aforementioned sites are now available again.