On November 18, 2025, internet infrastructure giant Cloudflare, Inc. triggered a massive global outage that disrupted thousands of websites and applications, including ChatGPT, X (formerly Twitter), Canva and several government-agency portals, when a routine configuration file grew beyond expected size and caused cascading software failures in Cloudflare’s network.
According to Cloudflare's status updates the first alarm was raised around 11:48 UTC when the company logged “internal service degradation” on its global network. By 14:42 UTC, Cloudflare had deployed a fix and declared the incident resolved, albeit with a warning that residual errors could persist.
In a follow-up statement, CTO Dane Knecht apologized and said that the outage resulted from a technical flaw, not from a cyberattack. The disruption shows the growing fragility of the internet: a single provider handling an estimated 20% of global web traffic saw thousands of services falter within hours.
In November 2024, Cloudflare lost roughly half of all customer logs for more than three hours after a configuration change triggered a bug that pushed a blank file into its log-forwarding system, silently breaking its observability pipeline. These incidents may differ in scale, but the underlying theme is the same: a single flawed update inside a highly centralized internet backbone can ripple outward to millions of users and organizations.
The back-to-back November failures raise questions about systemic resiliency, configuration governance, and whether today’s internet has become too dependent on a handful of edge-network providers whose internal errors can temporarily destabilize the web at large.
Cloudflares CTO Dane Knecht stated on X, “I won’t mince words: earlier today we failed our customers and the broader Internet when a problem in @Cloudflare network impacted large amounts of traffic that rely on us. The sites, businesses, and organizations that rely on Cloudflare depend on us being available and I apologize for the impact that we caused.
Transparency about what happened matters, and we plan to share a breakdown with more details in a few hours. In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services. This was not an attack.
That issue, impact it caused, and time to resolution is unacceptable. Work is already underway to make sure it does not happen again, but I know it caused real pain today. The trust our customers place in us is what we value the most and we are going to do what it takes to earn that back.”
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
Internet outages often happen because of misconfigurations, hardware failures, cyberattacks, or disruptions at major infrastructure providers.
Many websites depend on large content delivery networks (CDNs) and DNS providers, so a failure in one provider can ripple across the internet.
Most global outages last from minutes to a few hours, depending on how quickly engineers identify and fix the issue.
No, many outages are caused by internal errors, software bugs, or routine updates gone wrong rather than malicious activity.