Cloudflare Attributes Recent Service Outage to Password Rotation Error

“This incident happened because of human error and lasted longer than it should have because we didn’t have proper visibility into which credentials were being used by the Gateway Worker to authenticate with our storage infrastructure,” Cloudflare explained in their incident report. The company disclosed that 100% of write operations and approximately 35% of read operations to their R2 object storage service failed during the incident window that lasted 1 hour and 7 minutes. Cloudflare’s engineering team identified the root cause at 22:36 UTC—nearly an hour after the impact began and restored service by deploying credentials to the correct production Worker at 22:45 UTC. This incident follows another hour-long Cloudflare outage in February when an employee mistakenly disabled the entire R2 Gateway service while attempting to block a phishing URL. Security researchers reporting the February event pointed out that the outage was caused by a lack of controls and validation checks for high-impact operations. The recurring nature of configuration-related outages underscores the industry-wide challenge of managing complex cloud infrastructure while maintaining rigorous security practices like credential rotation. When the old credentials were subsequently deleted from their storage infrastructure, the production R2 Gateway service—which serves as the API frontend—lost authentication access to backend systems. The ripple effects extended to Email Security, Billing, Key Transparency Auditor, and Log Delivery services, with the latter experiencing up to 70-minute delays in processing. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. Vectorize, Cloudflare’s vector database, experienced 75% query failure rates and complete failure for insert operations.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Mar 2025 13:20:13 +0000


Cyber News related to Cloudflare Attributes Recent Service Outage to Password Rotation Error

Cloudflare discloses breach related to stolen Okta data - Last fall, Cloudflare announced it mitigated an attempted cyberattack stemming from the infamous Okta breach. Cloudflare disclosed in a blog post that it had been breached by an unnamed nation-state threat actor using an access token and three ...
1 year ago Techtarget.com
Cloudflare Dashboard and APIs down after data center power outage - An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose ...
1 year ago Bleepingcomputer.com
Cloudflare R2 service outage caused by password rotation error - The absence of safeguards and validation checks for high-impact actions led to the outage, prompting Cloudflare to plan and implement additional measures for improved account provisioning, stricter access control, and two-party approval processes for ...
3 days ago Bleepingcomputer.com
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
8 months ago Bleepingcomputer.com
Cloudflare publishes details of Thanksgiving security breach The Register - Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. In a write-up on Thursday, CEO Matthew Prince, CTO John ...
1 year ago Go.theregister.com
How to Arm Yourself With CloudFlare Security Solutions - Securing your website or digital asset is a critical part of running a successful business or website. With the rise of the digital era, the need to protect yourself from cyber-attacks is essential. That's why CloudFlare, the leading cloud solution ...
2 years ago Blog.cloudflare.com
Cloudflare Attributes Recent Service Outage to Password Rotation Error - “This incident happened because of human error and lasted longer than it should have because we didn’t have proper visibility into which credentials were being used by the Gateway Worker to authenticate with our storage ...
3 days ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Cloudflare hacked using auth tokens stolen in Okta attack - Cloudflare disclosed today that its internal Atlassian server was breached by a 'nation state' attacker who accessed its Confluence wiki, Jira bug database, and Atlassian Bitbucket source code management system. The threat actor first gained access ...
1 year ago Bleepingcomputer.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
10 months ago Cyberdefensemagazine.com
Cloudflare Incident on January 24th, 2023 - An Overview - On January 24th, 2023, Cloudflare experienced an incident that impacted its customers globally. In this article, we will provide an overview analysis of the incident, its impacts on SEO, security, threats, etc. ...
2 years ago Blog.cloudflare.com
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
1 year ago Techrepublic.com
Password Advice for the Rest of Us - Cisco Blogs - The key function you’re wanting out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with all the typical mix of letters, numbers and symbols, as well as the ability to create a unique password ...
5 months ago Feedpress.me
Post-quantum cryptography: Code-based cryptography - One option is to use error correction codes as a cryptographic primitive. The basics Error correction codes are digital codes used to reliably send data through an unreliable channel. In a noisy channel, corruption of some of the bits would yield an ...
9 months ago Redhat.com
Securden Password Vault Review 2024: Security, Pros & Cons - Securden Password Vault is a password management solution geared towards supervising multiple accounts and sensitive login credentials. Yes, Securden Password Vault can be accessed for free. If you're looking for an enterprise-level password solution ...
1 year ago Techrepublic.com
Understand the pros and cons of enterprise password managers - To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management. A password manager is a credential vault that gives IT teams a unified digital ...
1 year ago Techtarget.com
6 Best Enterprise Password Managers for 2024 Rated - Password managers are security tools that store, manage, and share authorization credentials safely for individual users and groups. In this article, I evaluate the top password managers and their ability to deliver and support solutions for ...
1 year ago Esecurityplanet.com
Bermuda Experiences Widespread Internet Disruption During Power Outage - On Friday evening, Bermuda, a British Overseas Territory with a population of around 64,000, experienced a major power outage that affected the island's internet and phone service. The government declared it a serious incident and asked customers to ...
2 years ago Bleepingcomputer.com
How to Share a Wi-Fi Password: A Step-by-Step Guide - You can unsubscribe at any ...
5 months ago Techrepublic.com
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
1 year ago Bleepingcomputer.com
Kwik Trip finally confirms cyberattack was behind ongoing outage - Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store chain's internal network since October 9. This outage has been causing widespread IT system disruptions and is ...
1 year ago Bleepingcomputer.com
Cloudflare Acquires Zaraz to Improve Cloud Loading of Third-Party Tools - Cloudflare, the global leader in cloud performance and security, has announced the acquisition of Zaraz, a leading provider of cloud server loading technology. The acquisition will enable Cloudflare to provide automated access to third-party tools, ...
2 years ago Blog.cloudflare.com
Announcing Custom DLP Profiles for Data Loss Prevention - Do you have questions about where your sensitive data is stored and who can access it? Does your organization need more visibility and control over their data? Cloudflare One offers customers Data Loss Prevention (DLP) that is designed to give ...
2 years ago Blog.cloudflare.com
Cloudflare loses 22% of its domains in Freenom.tk shutdown - A staggering 12.6 million domains on TLDs controlled by Freenom have been shut down and no longer resolve, leading to a significant reduction in the number of websites hosted by Cloudflare. The disappearance of these websites was spotted during our ...
1 year ago Netcraft.com
Cloudflare Expands Zero Trust Capabilities with Acquisition of BastionZero - Technology vendor Cloudflare on Thursday announced the acquisition of seed-stage startup BastionZero as part of plans to expand the scope of its VPN replacement solutions. BastionZero, based in Boston, Mass., raised $6 million in seed capital from ...
9 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)