CloudFlare is one of the largest internet infrastructure companies on the planet, and its DDoS mitigation and DNS services are incredibly popular. Unfortunately, Cloudflare’s servers had a critical outage, leaving thousands of websites and services non-functional for a brief time.
Cloudflare said an issue “with Cloudflare Resolver and our edge network” was the cause for countless websites going offline earlier today, including Discord, Patreon, GitLab, Medium, Zendesk, and even Downdetector. You know it’s bad when Downdetector doesn’t even work.
Thankfully, services are starting to come back online. CloudFlare says, “the issue has been identified and a fix is being implemented,” so any remaining issues should work themselves out soon.
Cloudflare DNS goes down, taking a large piece of the internet with it
Many major websites and services were unreachable for a period Friday afternoon due to issues at Cloudflare’s 126.96.36.199 DNS service. The outage seems to have started at about 2:15 Pacific time and lasted for about 25 minutes before connections began to be restored. Google DNS may also have been affected.
Discord, Feedly, Politico, Shopify and League of Legends were all affected, giving an idea of the breadth of the issue. Not only were websites down but also some status pages meant to provide warnings and track outages. In at least one case, even the status page for the status page was down.
A DNS, or Domain Name System, is an integral part of the web, connecting domains (like TechCrunch.com) to their IP addresses (such as 188.8.131.52). If the one you or a site use goes down, it doesn’t matter whether a website’s own servers are working or not — users can’t even reach them in the first place.
Internet providers usually have their own, but they’re often bad, so alternatives like Google’s have existed for many years, and Cloudflare launched its service in late 2018.
Cloudflare wrote in a tweet and an update to its own status page (which thankfully remained available) that it was “investigating issues with Cloudflare Resolver and our edge network in certain locations. Customers using Cloudflare services in certain regions are impacted as requests might fail and/or errors may be displayed.”
Twitter won’t say if hackers accessed user DMs after breach
Twitter has said that there is “no evidence” that attackers obtained user account passwords after its security breach on Wednesday, which forced the company to lock down user accounts to prevent verified users from tweeting.
In a series of tweets on Thursday — almost exactly a day after the mass account hijacking started — the social media giant said: “We have no evidence that attackers accessed passwords. Currently, we don’t believe resetting your password is necessary.”
“Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days,” it said. “As part of the additional security measures we’ve taken, you may not have been able to reset your password. Other than the accounts that are still locked, people should be able to reset their password now.”
Twitter said that it’s “working to help people regain access to their accounts” following the security incident. Many high-profile accounts, including news organizations, were still locked out from their accounts by Thursday morning. Some are still locked and unable to tweet.
News of the incident broke in real time — on the social network, no less — after cryptocurrency sites were hijacked to send tweets promoting a common cryptocurrency scam. Several high-profile accounts, including @apple and @binance, as well as celebrities @billgates, @jeffbezos and @elonmusk — which collectively have 90 million followers — were hacked as part of the mass account hijackings.
A public record of the cryptocurrency wallet showed hundreds of transactions, amounting to more than $100,000, in just a few hours.
Twitter later confirmed that hackers launched a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
A hacker with direct knowledge of the Twitter incident told TechCrunch that another hacker, who goes by the handle “Kirk,” gained access to an internal Twitter “admin” tool, which they then used to hijack high-profile Twitter accounts and spread the cryptocurrency scam.
It’s not known if other hackers also had access to the admin tool. The FBI is now investigating the incident, a spokesperson said Thursday.
But questions remain over exactly how much access the hackers gained, or if the hackers were able to read users’ private direct messages.
Ron Wyden, a Democratic senator, said in a statement that in a private meeting in 2018, Twitter’s chief executive Jack Dorsey said the company “was working on end-to-end encrypted direct messages,” a kind of encryption that would prevent even Twitter from reading users’ messages.
“It has been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access,” said Wyden. “While it still isn’t clear if the hackers behind yesterday’s incident gained access to Twitter direct messages, this is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms.”
“If hackers gained access to users’ DMs, this breach could have a breathtaking impact, for years to come,” the lawmaker said.
We asked Twitter several questions about direct messages, including whether the company has any evidence that the hackers gained access to users’ DMs; what protections it puts in place to prevent unauthorized access — including from Twitter employees; and if there are any plans to implement DM end-to-end encryption.
When reached, a Twitter spokesperson declined to comment.
Source: Tech Crunch