Cloudflare is a popular Content Delivery Network and DNS service provider. The role of Cloudflare’s service is to make the web faster, more reliable and more secure for businesses and end users. Like any company working with technology, issues do arise from time to time causing disruption for businesses and internet users.
Major outage incidents involving Cloudflare become newsworthy stories because the service is expected to help deliver uptime for major companies - so when something does go wrong it affects thousands of users across the globe.
When Cloudflare stumbles, the internet feels it. From e-commerce sites to remote work tools, even short outages can leave businesses scrambling and users in the dark. These are the moments when things broke—and what happened next.
1. Cloudflare Goes Down in Internet Traffic Jam With Verizon - June 24, 2019
In what was essentially a large internet pile up, Cloudflare experienced an outage starting at around 6.30am on June 24th 2019, on the back of an issue with Verizon.
The incident was caused by a faulty border gateway protocol (BGP), which is responsible for joining networks together and directing traffic between them, and resulted in all of Verizon's internet traffic getting rerouted through DQE Communications, a small ISP in Pennsylvania that wasn’t equipped to handle it.
The small ISP accidentally passed routing instructions upstream, and Verizon unknowingly broadcast them to the rest of the internet—causing a cascade of outages. Of course, none of this should have happened in the first place, had Verizon set up proper filtering. As Cloudflare’s CEO Matthew Prince put it at the time:
“The teams at Verizon and Noction should be incredibly embarrassed at their failings this morning which impacted Cloudflare and other large chunks of the Internet. It’s absurd BGP is so fragile. It’s more absurd Verizon would blindly accept routes without basic filters.”
The outage lasted approximately three hours, which was long enough to knock down major services such as Amazon, Google, Facebook, Discord, and many other sites. The kind of disruption that, in hindsight, feels alarmingly easy to trigger.
2. Cloudflare Outage Takes Down Shopify and Discord - July 17th, 2020
A misstep in how internet traffic was routed on July 17, 2020 briefly broke some of the internet’s biggest sites. The issue originated from a misconfiguration on the internet’s backbone—a router in Atlanta broadcasting faulty routes that rippled outward.
Victims included the likes of Shopify, Discord, League of Legends, Medium, Patreon, and other popular websites. Even the status pages meant to track outages failed—leaving users with no visibility into what was happening.
To make matters worse, the outage was right in the middle of the ongoing Coronavirus outbreak and the pandemic lockdowns—a period of time when people were increasingly reliant on such services to maintain communication during a period of isolation. While the issue only lasted about an hour before being resolved, the disruption exposed just how fragile our digital dependencies can be.
3. Cloudflare Problems due to Centurylink Outage - August 30th, 2020
Cloudflare announced an outage affecting numerous business websites on August 30th, 2020 was due to an IP fault by internet service provider CenturyLink.
According to Cloudflare the outage affected multiple other internet services, and was not a Cloudflare-specific outage. CenturyLink was responsible for the issue that affected many Internet services, including Cloudflare.
In social media posts, and an update to its own status page, Cloudflare said it was investigating issues with Cloudflare Resolver and its edge network in certain locations.
The outage began with an increase in the level of frustrating HTTP 522 and 503 errors. The outage affected all data centers that used CenturyLink as a transit provider.
Cloudflare’s services are meant to prevent websites from suffering outages due to peak traffic loads as well as DDoS or spam comment attacks, but the outage ended up taking down company services in the US and parts of Europe. Casualties of the incident included the likes of Hulu, Feedly, Xbox Live, with many others also affected. It’s a worryingly common occurrence, to see websites go down, with a service designed to keep them up and running.
CenturyLink suffered a separate massive outage in 2018 that affected 911 calls, ATM withdrawals, lottery drawings and other services, highlighting the seriousness of outages and the disruption they can cause.
4. Fitbit, Peloton and Others Grind to a Halt Due to Cloudflare Outage - 21st June, 2022
On June 21st, 2022, Cloudflare experienced a multiple-hour outage as reported on Downdetector. According to the Cloudflare status page, a critical P0 incident was declared at approximately 06:34 am UTC. Connectivity in Cloudflare’s network was disrupted in broad regions as a result of the error.
Customers attempting to reach business websites run with Cloudflare in impacted regions were met with 500 errors and could not access information, complete transactions, or send business enquiries through contact forms as a result. The incident impacted all data plane services in the Cloudflare network. This incident was marked as resolved on the Cloudflare status page at 08:06 UTC on the 21st of June 2022.
During the 1 hour 30 minute outage, Cloudflare’s technology that powers numerous sites and services across the internet was unavailable and caused disruption to several companies including Fitbit, and Peloton.
5. Cloudflare Services Become Unavailable for 121 Minutes, Including Workers Platform and Zero Trust Solution - January 24, 2023
Cloudflare services were unavailable for 121 minutes due to an error releasing code that manages service tokens. The incident impacted a range of Cloudflare products including aspects of the Zero Trust solution, and control plane functions in the content delivery network (CDN).
The outage occurred after Cloudflare intended to introduce a feature that showed administrators the time that a token was last used, giving users the ability to safely clean up unused tokens. The change inadvertently overwrote other metadata about the service tokens and rendered the tokens of impacted accounts invalid for the duration of the incident.
It’s an update no business owner wants to receive. A website uptime monitoring email letting you know your website is currently down and can’t be accessed. There is bound to be customer inconvenience, lost sales, and potential reputational damage.
6. Cloudflare, Coindesk and Workday Experienced Service Outages - November 2nd 2023
A Cloudflare issue on 2nd November 2023 took thousands of popular websites and SMB web pages briefly offline, due to a network wide issue at the company.
While the incident was resolved after 20 minutes, the impact snared thousands of websites and affected a large number of businesses and internet users.
Several cryptocurrency exchanges were taken offline by the event, including Crypto news site Coindesk who said the downtime affected the data it received about Bitcoin - with prices incorrectly displaying as $26 USD instead of $10,300 USD leaving it in a tangle and causing problems for the website and customers.
The potential financial implications of downtime and interruptions in real time data can be severe for businesses with lasting consequences.
7. Cloudflare Experiences 1.1.1.1 Lookup Failures - October 4th 2023
On 4 October 2023, Cloudflare experienced DNS resolution problems over a 3 hour period starting at 07:00 UTC and ending at 11:00 UTC. The outage was an internal software error and not the result of an external attack on Cloudflare systems.
Some users of 1.1.1.1 or products like WARP, Zero Trust, or third party DNS resolvers which use 1.1.1.1 received SERVFAIL DNS responses to valid queries. The rate of Cloudflare resolvers SERVFAIL responses increased by 12% during the outage.
The issue was caused when a planned change to root zone management was carried out on the 21st September adding a new resource record type for the first time, named ZONEMD.
On 4 October 2023 at 07:00 UTC, the DNSSEC signatures in the version of the root zone implemented on 21st September expired. Because there was no newer version that the Cloudflare resolver systems were able to use, some of Cloudflare’s resolver systems stopped being able to validate DNSSEC signatures and as a result started sending error responses (SERVFAIL).
In this instance, it seems Cloudflare failed to adequately launch a planned change with testing or fail safes and the impact was the SERVFAIL error felt by business owners and users trying to access popular websites.
8. Cloudflare Outage Creates Reachability Issues For Zoom and Hubspot - September 16th 2024
HubSpot and Zoom were amongst the service providers affected by a Cloudflare outage on 16th September 2024.
This performance incident resulted in reachability issues for some applications leveraging Cloudflare’s CDN and Networking services. The issue lasted for around 1 hour and 30 minutes, starting at 04.10 am UTC and lasting until 05.45 am UTC. The incident impacted servers in the United States, Europe, the UAE, and the Philippines.
The result of the outage was inconvenience, and potential disruption to day-to-day business operations. The outage impacted businesses, marketers, remote companies, and remote workers trying to access tools such as Hubspot and Zoom.
9. Global Cloudflare Outage Caused by Simple Key Rotation Mistake - March 21st 2025
On March 21, 2025, Cloudflare crashed with a global outage lasting 1 hour and 7 minutes, caused by total write failures and partial read failures.
The failures were the result of credential rotation errors in the R2 Gateway, the component responsible for authenticating Cloudflare’s gateway worker to the storage backend.
Major Cloudflare services became unavailable due to the seemingly simple process of rotating credentials.
Cloudflare regularly rotates credentials as a security best practice, but due to an omitted “--env production” parameter in the wrangler CLI, the new credential was pushed to the default (dev) environment, and the production version was never updated.
With the assumption that production had already migrated to the new keys, the old credentials were deleted at the storage backend. Production was still using the old and invalid credentials, causing every R2 write operation to fail and affecting a good percentage of read operations.
When it goes wrong, the fallout can be expensive, disruptive, and damaging to trust. Similar mistakes from other companies have resulted in costly damage to brand reputation, including the Dropbox service takeover in 2024 and the Microsoft Exchange Key Incident in 2023.
Conclusion
CDN and DNS service providers play an important role in the internet. The best services keep business websites accessible and working with minimal interruptions.
As we have seen with Cloudflare, outages impact businesses in a number of ways and can cause reputational damage while causing inconvenience to users. Outages can also cause financial losses due to downtime, lost customers, reduced orders, and erosion of consumer trust.
Businesses looking to avoid such frequent mishaps should work with providers with robust technology, diligent processes, and a reputation for reliability.
In this scenario, Control D offers one of the most powerful solutions available, with a suite of features to protect organizations and individual users from online threats. If you're looking for a suitable Cloudflare alternative to protect you from disruptions, speak with a product specialist today to learn more.