Cloudflare Outage Knocks Out X, ChatGPT, and Thousands of Sites as Downdetector Goes Dark

When Cloudflare’s global network began crumbling at 11:30 UTC on Tuesday, November 18, 2025, users didn’t just lose access to their favorite apps—they lost the very tools meant to tell them what was wrong. By the time Downdetector LLC started flashing red, it had already gone offline, trapped in the same digital collapse it was built to monitor. The result? Millions were left staring at blank screens and the cryptic message: "Visit cloudflare.com for more information." But cloudflare.com? Also down.

How It All Unraveled

The outage began around 6:20 a.m. Eastern Time, when Cloudflare engineers detected an abnormal spike in traffic—unlike anything seen in recent memory. It wasn’t a DDoS attack, they later said. Not exactly. It was something weirder: a cascade of internal misconfigurations triggered by a surge in requests across Cloudflare Access, WARP, and its distributed DNS infrastructure. Within minutes, the ripple effects spread. X Corp. (formerly Twitter), OpenAI, LLC’s ChatGPT, Canva Pty Ltd., and Spotify AB all began returning errors. Even the New Jersey Transit system in Newark saw its online ticketing and real-time tracking systems fail, stranding commuters without warning.

By 11:48 UTC, Cloudflare’s status page confirmed: “We are experiencing an issue with our global network.” No specifics. No ETA. Just silence, then a partial update at 12:15 UTC: WARP was back online in London, and Access was recovering. But for most users? Still broken.

The Paradox of Monitoring

Here’s the cruel twist: Downdetector LLC, the platform that tracks outages for over 5,000 services, went dark itself. Why? Because it relied on Cloudflare’s CDN and DNS to serve its own website and mobile app. So as users flooded Downdetector with reports, the system collapsed under the load—exactly like the services it was supposed to monitor. The irony wasn’t lost on engineers. One anonymous DevOps lead tweeted: “We built the fire alarm. Now the alarm’s on fire.”

Over 10,000 outage reports poured in before the site vanished. In India, users on Twitter (now X) reported the same error for hours. In Germany, Spotify playlists froze mid-song. In Australia, Canva designers couldn’t save their work. The scale was staggering. Cloudflare serves over 26 million websites—nearly 20% of the internet’s active domains. When it stumbles, the whole web wobbles.

What Went Wrong? The Theories

Early speculation pointed to three possibilities: a cloud provider failure (AWS, Azure, Google Cloud), a massive traffic spike, or a botched software update. But Cloudflare’s internal analysis pointed to a different culprit: an internal routing bug in its global load-balancing system. The spike in traffic didn’t overwhelm servers—it confused them. Requests meant for one data center got routed to another that couldn’t handle the protocol, creating a feedback loop of errors. Think of it like a highway system where every exit sign suddenly points to the same off-ramp, causing gridlock everywhere.

India TV News highlighted that platforms like ChatGPT and Canva run on third-party clouds—but they all depend on Cloudflare for security, speed, and DNS. So even if OpenAI’s servers were fine, users couldn’t reach them. It’s a classic “choke point” problem. Cloudflare isn’t the only one with this role—Akamai and Fastly do similar work—but Cloudflare’s free tier and aggressive global expansion made it the default for startups and giants alike. That ubiquity became its vulnerability.

Who’s Affected—and How

The outage didn’t just inconvenience users. It hit businesses hard. Small e-commerce sites using Cloudflare’s security features saw sales plummet. Developers couldn’t deploy code. Newsrooms relying on Cloudflare-protected sites couldn’t publish breaking stories. Even New Jersey Transit had to revert to manual announcements at stations. No one had contingency plans for a Cloudflare-wide failure. Why? Because no one expected it to happen.

“We’ve had minor hiccups before,” said cybersecurity analyst Priya Mehta of the Cyber Resilience Institute. “But this? This was a systemic failure. It’s like the power grid going down because one transformer blew. Except this transformer controls the entire grid’s communication system.”

What’s Next? Recovery and Reckoning

By 1:30 PM ET, Cloudflare’s status page read: “All hands on deck.” Engineers worked through the afternoon, rolling back recent configuration changes and rerouting traffic manually. By 2:00 PM ET, services began stabilizing—but not fully. “Some customers may still see elevated error rates,” the company warned. No timeline for full recovery was given.

Meanwhile, the internet’s architects are asking hard questions. Should critical infrastructure like DNS and CDN be more decentralized? Should major platforms be required to have multi-cloud failovers? Cloudflare’s CEO, Michelle Zatlyn, has remained silent publicly. But insiders say internal reviews are underway—and that this outage may force a major architectural overhaul.

A History of Near-Misses

This wasn’t Cloudflare’s first brush with disaster. In March 2025, a misconfigured BGP update briefly took down parts of its network in Europe. In 2023, a DNS cache poisoning incident affected 12 million sites for nearly an hour. Each time, the company bounced back quickly. But this time, the damage was deeper. The fact that Downdetector failed made it clear: the internet’s safety nets are now part of the same fragile system they’re meant to protect.

For now, users are advised to switch networks, clear caches, or manually change DNS servers to 1.1.1.1 (Cloudflare’s own public DNS)—though that, too, may have been affected. Some tech-savvy users reported success using Google DNS (8.8.8.8) or Cloudflare’s backup resolver. But for most? Patience was the only tool left.