A major Cloudflare outage last night rippled across the internet, disrupting access to many services widely used by Australians. Users reported problems accessing ChatGPT, Spotify, Canva, Shopify, Dropbox, and various gaming platforms, including League of Legends and other Riot services. Several Australian airports also confirmed digital system disruptions, affecting passenger information screens and online service portals. The outage was broad enough that even Cloudflare’s own dashboard and internal tools such as WARP and Access became unreliable, making it difficult for IT teams to assess the scale of the problem as it unfolded.
WHAT HAPPENED?
Cloudflare later confirmed that the outage was triggered by a latent software bug deep within its bot-mitigation and threat-traffic management systems. A routine configuration file—automatically generated by Cloudflare’s internal systems—grew far beyond its expected size, causing one of the service’s core components to crash. This failure broke the logic Cloudflare uses to filter malicious traffic and route legitimate requests. The company emphasised that the issue was not the result of a cyberattack, though it did notice an unusual spike in traffic around 11:20 UTC that worsened the impact. As engineers worked to stabilise the network, some services, including WARP traffic in London, were temporarily disabled to speed up recovery. Cloudflare rolled out a fix reasonably quickly, though some users continued to experience lingering issues for several hours.
WHAT WAS AFFECTED?
The scale of the disruption was severe because of how deeply Cloudflare is woven into the global internet—and into Australia’s digital infrastructure. Around a fifth of the world’s websites use Cloudflare for routing and security, meaning an outage instantly cascades across countless services Australians rely on every day.
During the peak of the incident, users encountered a mix of 500 Internal Server Errors, 502 Bad Gateway messages, and 504 Gateway Timeout responses. Many websites partially loaded before freezing, while login pages stalled in endless verification loops. Some services displayed Cloudflare-branded error pages indicating they could not reach their host servers. Apps and platforms that rely on APIs—such as travel booking tools, online stores and entertainment services—experienced requests failing silently or returning corrupted data, causing mobile and desktop clients to hang indefinitely.
Australian airports reported issues with digital signage and online passenger information, creating confusion for travellers checking flight statuses. Local businesses that depend on Cloudflare for hosting, security and e-commerce found their dashboards inaccessible, transactions interrupted, and customer sessions abruptly dropped. Even organisations not directly using Cloudflare were affected through third-party providers and integrations that rely on the company’s infrastructure. While most services were restored within hours, the disruption highlighted how many Australian digital platforms are built on top of Cloudflare’s backbone.
CLOSING THOUGHTS
The outage has reignited concerns about how heavily modern infrastructure depends on a small number of global service providers. Cloudflare’s tools dramatically improve the speed and safety of online services, but they also create a central point of failure—one that, as last night showed, can affect Australians across sectors from travel to retail to entertainment.
Cloudflare has committed to releasing a detailed post-mortem explaining how the bug went undetected and how the company plans to prevent similar incidents in future. For Australian users, businesses and developers, the outage is a reminder that even the most resilient global platforms can suffer rare but far-reaching failures, and that the digital systems we rely on every day remain vulnerable to unexpected faults deep in the internet’s core.
