editorially independent. We may make money when you click on links
to our partners.
Learn More
A large-scale outage caused by Cloudflare issues, on Nov. 18, 2025, caused widespread disruptions across the internet and highlighted the importance of cyber resilience for organizations dependent on centralized infrastructure.
Cloudflare experienced an internal service degradation that triggered HTTP 500 errors throughout its network.
The failure resulted in partial or complete outages for millions of users worldwide, impacting a broad ecosystem of platforms that rely on Cloudflare to stay online.
Cloudflare acknowledged the issue at 11:48 UTC, reporting intermittent service problems affecting its dashboard, API, and core network functions.
By 12:21 UTC, the company noted signs of recovery, although many customers continued to encounter elevated error rates.
Complicating the situation, Cloudflare’s own status page was inaccessible during parts of the incident, preventing users from receiving timely updates.
Major Platforms Hit Hard by the Outage
The outage rippled across the global internet, affecting high-traffic platforms and emerging technologies.
Social media platform X (formerly Twitter) experienced significant disruptions, with thousands of users reporting failures on both mobile and web applications.
AI-driven services such as ChatGPT and Perplexity AI displayed Cloudflare-generated error pages, rendering them temporarily unusable.
Popular digital tools — including Canva, Spotify, Discord, League of Legends, Shopify, Medium, and multiple cryptocurrency exchanges — also suffered outages, forcing users to turn to alternatives or wait for recovery.
The incident’s reach was so extensive that even Downdetector, a service designed to track outages, reported problems, worsening user frustration.
The situation echoed recent outages at Amazon Web Services and Microsoft Azure in October 2025, underscoring the vulnerabilities associated with reliance on a small number of cloud providers.
These sequential failures serve as a reminder that the modern internet is tightly interwoven — and that disruptions in one major provider can have cascading global effects.
Compounding the challenge, routine maintenance occurring simultaneously in datacenters such as Los Angeles, Atlanta, Santiago, and Tahiti may have increased latency as traffic was rerouted.
Cloudflare also reported a separate issue with its third-party support portal, affecting the ability of some users to view support cases. While responses continued without interruption, the situation further complicated incident management and communication.
Cyber Resilience Lessons from the Outage
Although the Cloudflare disruption is not being reported as a cyberattack, the event demonstrated how quickly service interruptions — unexpected or otherwise — can impact business continuity.
Organizations focus heavily on defending against malicious threats but sometimes overlook resilience against operational failures, misconfigurations, or service provider outages.
The Cloudflare blackout serves as an important reminder that cyber resilience is as much about preparing for failures as it is about preventing them.
A foundational principle of cyber resilience is diversification. Many organizations experienced downtime because their dependency on Cloudflare was absolute, with no fallback path for DNS resolution, distributed content, or authentication flows.
Establishing redundant DNS providers, multi-CDN strategies, or hybrid cloud approaches can help ensure that single points of failure do not cascade into business-critical outages.
Similarly, organizations should maintain updated incident response (IR) plans that include playbooks for provider disruptions, including clear procedures for traffic rerouting, throttling, or activating static fallback sites when primary systems fail.
Resilience also requires transparency and communication. During the Cloudflare incident, the unavailability of the provider’s status page left many businesses uncertain about the scope and duration of the disruption.
Organizations should maintain independent monitoring and logging systems that do not rely on the same provider responsible for delivering their services.
These tools allow teams to validate outages, communicate internally, and make informed decisions even when upstream services are unavailable.
Lastly, resilience necessitates ongoing review and testing.
Regularly evaluating external dependencies, simulating downtime scenarios, verifying failover mechanisms, and ensuring backup systems are functional can reduce the operational impact of outages.
The recent series of disruptions across AWS, Azure, and Cloudflare illustrate that outages at major providers are not hypothetical — they are inevitable.
The Internet’s Fragility on Display
The Cloudflare global outage demonstrated both the vulnerability and interconnectedness of today’s digital ecosystem.
While the company worked quickly to restore functionality, the incident disrupted a vast array of services and reminded organizations of the need to strengthen their cyber-resilience strategies.
Having a clear disaster recovery and business continuity plan is essential for minimizing downtime.
