Bluesky Grapples with Ongoing Cyberattack Amid Service Disruptions
Decentralized social media platform Bluesky has been hit by a relentless cyberattack, leaving its website and app intermittently inaccessible and sparking frustration among its growing user base. In a statement on Thursday, Bluesky’s Chief Operating Officer Rose Wang confirmed that the company had been targeted by a “sophisticated Distributed Denial-of-Service (DDoS) attack,” which began on April 15 at approximately 8:40 p.m. Eastern Time. The attack has since escalated, causing widespread disruptions to core features such as feeds, notifications, and search functionality, though Bluesky maintains that no unauthorized access to user data has occurred.
A Crippling Attack
A DDoS attack involves overwhelming a platform’s servers with massive volumes of junk traffic, rendering it inaccessible to legitimate users. While these attacks do not involve breaching sensitive systems, they can be highly disruptive, often paralyzing online services for extended periods. Bluesky’s team has been working around the clock to mitigate the attack, but as of Friday, the platform continues to struggle with intermittent outages.
Bluesky acknowledged the severity of the situation in a public post, stating, “Our team received a report of intermittent app outages at about 11:40 p.m. PDT on April 15. They worked through the night to mitigate a sophisticated Distributed Denial-of-Service (DDoS) attack, which intensified throughout the day.” The company added that the attack was “impacting our operations, with users experiencing intermittent interruptions in service for their feeds, notifications, threads, and search.”
Users Caught in the Crossfire
For Bluesky users, the disruptions have been a source of growing frustration. Some have reported encountering error messages when attempting to access popular feeds or individual profiles. One user shared a screenshot displaying the message, “This feed is currently receiving high traffic and is temporarily unavailable. Please try again later. Message from server: Rate Limit Exceeded.”
Even as Bluesky’s engineers scramble to restore full functionality, the platform’s status page, which is intended to provide real-time updates, has also been affected, leaving users in the dark about the progress of mitigation efforts. Bluesky initially directed inquiries to its status page and account (@status.bsky.app) for updates but has yet to provide a concrete timeline for resolving the issue.
Decentralization Offers Resilience
Bluesky, founded as a decentralized alternative to mainstream social media platforms, operates on a protocol that allows other communities to build their own applications. Notably, while Bluesky itself has been severely impacted, other communities using its underlying infrastructure, such as Blacksky, remain operational.
Blacksky’s team reported a “significant spike” in migration requests from Bluesky users in the wake of the outage. Prominent developers and community leaders, including Sebastian at Eurosky, have been actively promoting Blacksky’s services, positioning it as a viable alternative for users seeking uninterrupted access to decentralized social networking.
A Hectic Week for Bluesky
The cyberattack has undoubtedly placed immense strain on Bluesky’s team, as evidenced by a typo on its status page that read, “investigating an incident with service in one of our reginos [sic].” Bluesky protocol engineer Bryan Newbold hinted at the severity of the situation in a post early Wednesday morning, writing, “oof, our services are getting pretty hard tonight.”
Despite the challenges, Bluesky has assured users that no private data has been compromised. The company remains focused on mitigating the attack and restoring full service, promising another update by 1 p.m. ET on Friday.
Rising Cyber Threats
The attack on Bluesky underscores the growing prevalence of cyber threats targeting social media platforms. DDoS attacks, in particular, have become a favored tool for disruptors, given their potential to cause significant downtime with relatively low technical complexity. For a decentralized platform like Bluesky, which prides itself on resilience and user control, the attack serves as a stark reminder of the vulnerabilities inherent in digital infrastructure.
As Bluesky continues to navigate this crisis, the incident raises broader questions about the security of decentralized platforms and their ability to withstand increasingly sophisticated cyberattacks. While decentralization offers resilience by distributing control, it also introduces unique challenges in coordinating defenses against large-scale threats.
A Balancing Act
For now, Bluesky’s users are left to contend with intermittent access and uncertainty. The platform’s ability to recover from this attack will likely shape its reputation as a reliable alternative to centralized social media giants. As the company works to restore stability, the incident serves as a cautionary tale about the evolving landscape of cybersecurity and the importance of robust defenses in an increasingly interconnected world.
Bluesky’s battle against this DDoS attack is far from over, but its response will determine whether it emerges stronger—or loses ground in the fiercely competitive world of social media.
