Cloud and Network News

Recent Cloudflare R2 Outage

/ by Corentin C | Leave a comment

Cloudflare R2

On February 6, 2025, Cloudflare experienced a major outage that rendered its R2 object storage service completely inaccessible for nearly an hour. The disruption, caused by an attempt to remediate a phishing report, had a cascading impact on multiple Cloudflare services.

What Happened?

Cloudflare R2, a scalable object storage solution similar to Amazon S3, suffered a complete outage when an employee mistakenly disabled the entire R2 Gateway service instead of blocking a specific endpoint associated with a phishing report. This mistake was attributed to both human error and insufficient safeguards within Cloudflare’s abuse remediation system.

According to Cloudflare’s post-mortem, this incident was a failure of multiple system-level controls and operator training. The outage lasted from 08:14 UTC to 09:13 UTC, during which all operations against R2 failed, including uploads, downloads, and metadata requests.

Metrics aggregation intervals

Services Affected

Several Cloudflare services reliant on R2 were severely impacted, including:

  • Stream: 100% failure in video uploads and streaming delivery.
  • Images: 100% failure in uploads and downloads.
  • Cache Reserve: 100% failure in operations, causing increased origin requests.
  • Vectorize: 75% failure in queries, 100% failure in insert, upsert, and delete operations.
  • Log Delivery: Up to 13.6% data loss for R2-related logs, up to 4.5% data loss for non-R2 delivery jobs.
  • Key Transparency Auditor: 100% failure in signature publishing and read operations.

Additional indirect impacts included increased error rates for Durable Objects, Cache Purge, and Workers & Pages, though these remained relatively minor.

Cloudflare’s Response and Fixes

Cloudflare took immediate action to restore services and prevent similar incidents in the future. Key fixes include:

  • Removing the ability to disable entire systems via the abuse review interface.
  • Restricting Admin API capabilities to prevent internal service disablement.
  • Implementing stricter access controls and validation checks for high-impact actions.
  • Introducing a two-party approval process for system-level disablement actions.

Lessons Learned

This outage underscores the risks associated with human error and the importance of implementing strong safeguards against accidental service disruptions. While no data was lost from R2, the incident highlights the need for continuous improvements in automation, validation, and administrative oversight.

Cloudflare has committed to strengthening its operational controls and ensuring that future abuse remediation actions do not compromise system availability. As cloud services become increasingly critical to global infrastructure, such lessons are invaluable for the industry as a whole.

Source: https://blog.cloudflare.com/cloudflare-incident-on-february-6-2025/

Stay Updated with ToolsLib! 🚀
Join our community to receive the latest cybersecurity tips, software updates, and exclusive insights straight to your inbox!

Tagged

You might also like

Qwen AI from Alibaba

Alibaba’s Qwen 2.5: A Quiet Yet Promising Launch

Alibaba’s Qwen 2.5 AI models have launched with strong capabilities, but the unveiling was much quieter than DeepSeek V3’s. With impressive results in video analysis and math, Qwen 2.5 signals Alibaba’s growing presence in the AI race.

Read more »

French Senate Votes on Law Raising Privacy and Encryption Concerns

The French Senate has approved a law that expands surveillance powers, sparking debates on privacy and encryption. The bill allows authorities broader access to encrypted communications, raising concerns among security experts and privacy advocates. Proton has warned that such measures could undermine end-to-end encryption and create security vulnerabilities.

Read more »

Apple Faces UK Government Demand for Encrypted iCloud Backdoor

Apple is facing pressure from the UK government to create a backdoor for encrypted iCloud backups under the Investigatory Powers Act. If implemented, this could compromise global user privacy and set a dangerous precedent for digital security.

Read more »

deepseek website

DeepSeek AI Leak: Security Lapse Exposes Over a Million Log Entries, API Keys, and Chat Data

Chinese AI startup DeepSeek suffered a major security breach after leaving a ClickHouse database publicly accessible, exposing over a million log entries, API keys, and chat history. Security researchers warned that attackers could have accessed internal data, executed SQL queries, and escalated privileges. This incident highlights the critical risks of poor AI security practices, especially as DeepSeek faces growing scrutiny over privacy concerns and potential misuse of OpenAI’s API.

Read more »

deepseek website

DeepSeek Faces Massive Cyberattack

DeepSeek, the Chinese AI app that recently overtook ChatGPT in App Store downloads, is under attack. Facing a large-scale cyberattack, the platform has limited new user registrations but remains accessible to existing users. This incident underscores growing cybersecurity risks in the AI industry amidst DeepSeek's rapid rise and global impact.

Read more »

Microsoft Dev Home: Reaching the End of the Road

Microsoft Dev Home, a platform for developers on Windows, will reach its end-of-life in May 2025. With its customizable dashboard, machine configuration tools, and app installation features, it aimed to streamline developer workflows. As Microsoft sunsets the app, now is the time to explore alternatives.

Read more »

deepseek website

DeepSeek-R1: A Revolutionary AI Model Shaking Up the Industry

DeepSeek-R1 is revolutionizing AI with its cutting-edge capabilities and unbeatable cost efficiency. Rivaling OpenAI’s o1 model, this open-source innovation delivers advanced performance in mathematics, code generation, and human-like reasoning, all while being 27 times more affordable.

Read more »

windows 11

Enforcing Windows Updates on Windows 11: What You Need to Know About the 24H2 Update

Windows 11's 24H2 update is now mandatory for all eligible users, bringing exciting features like Wi-Fi 7 compatibility and improved energy management. However, with long installation times and potential software issues, preparation is key. Find out how to schedule updates, set active hours, and avoid surprises in our guide.

Read more »

7-zip-7z-file-archiver-data-compression

Critical 7-Zip Vulnerability Allows Attackers to Bypass Windows Security Features

A high-severity vulnerability in 7-Zip, tracked as CVE-2025-0411, enables attackers to bypass the Windows Mark of the Web (MotW) security feature, putting users at risk of malware. This issue, stemming from improper handling of archived files, has been addressed in version 24.09. Learn why updating your software is critical to maintaining your security.

Read more »

tiktok us ban

TikTok Banned in the United States: What It Means for Users and Social Media Landscape

The TikTok ban in the United States has left millions of users without access, raising questions about data privacy and national security. Discover the reasons behind the ban, the implications for users, and how this decision is reshaping the social media landscape.

Read more »

openai-chatgpt

Introducing Scheduled Tasks in ChatGPT: A Game-Changer for Automation (Beta)

ChatGPT introduces Scheduled Tasks, a new beta feature that revolutionizes automation. Whether you need daily briefings, reminders, or task management, this tool enables ChatGPT to run prompts and assist proactively, even while you're offline. Ideal for boosting productivity and simplifying routines!

Read more »

High-Severity Vulnerability Found in Dell SupportAssist: CVE-2024-52535

A newly disclosed vulnerability, CVE-2024-52535, in Dell SupportAssist could allow attackers to escalate privileges and delete critical files. Affecting both Home and Business PC versions, this high-severity flaw highlights the importance of updating to the latest software versions. Find out how to mitigate this risk effectively.

Read more »

To top

Table of Contents

Index
×