Major social media services including Facebook, Instagram and WhatsApp were hit by a massive outage on Monday, tracking sites showed, impacting potentially tens of millions of users.
Outage tracker Downdetector was showing outages in heavily populated areas like Washington and Paris, with problems being reported from around 1545 GMT.
Downdetector showed there were more than 20,000 incidents of people reporting issues with Facebook and Instagram.
The Pakistan Telecommunication Authority said that Facebook services had been affected internationally due to an outage. “Further details are being collected,” a spokesperson for the authority said.
Users trying to access Facebook in affected areas were greeted with the message: “Something went wrong. We’re working on it and we’ll get it fixed as soon as we can.”
“We’re aware that some people are having trouble accessing our apps and products,” Facebook spokesman Andy Stone said on Twitter.
“We’re working to get things back to normal as quickly as possible, and we apologise for any inconvenience,” he said.
One Facebook employee told Reuters that all internal tools were down. Facebook’s response was made much more difficult because employees lost access to some of their own tools in the shutdown, people tracking the matter said.
Multiple employees said they had not been told what had gone wrong.
Facebook has experienced similar widespread outages with its suite of apps this year in March and July.
Several users using their Facebook credentials to log in to third-party apps such as Pokemon Go and Match Masters were also facing issues.
“If your game isn’t running as usual please note that there’s been an issue with Facebook login servers and the moment this gets fixed all will be back to normal,” puzzle game app Match Masters said on its Twitter account.
What analysts are saying
“This is epic,” said Doug Madory, director of internet analysis for Kentik Inc. The last major internet outage, which knocked many of the world’s top websites offline in June, lasted less than an hour. The stricken content delivery company in that case, Fastly, blamed it on a software but triggered by a customer who changed a setting.
So many people are reliant on Facebook, WhatsApp or Instagram as a primary mode of communication that losing access for so long can make them vulnerable to criminals taking advantage of the outage, said Rachel Tobac, a hacker and CEO of SocialProof Security.
“They don’t know how to contact the people in their lives without it,” she said. “They’re more susceptible to social engineering because they’re so desperate to communicate.” Tobac said during previous outages, some people have received emails promising to restore their social media account by clicking on a malicious link that can expose their personal data.
The cause of the outage remains unclear. Malory said it appears that Facebook withdrew “authoritative DNS routes” that let the rest of the internet communicate with its properties.
Such routes are part of the internet’s Domain Name System, a key structure that determines where internet traffic needs to go. DNS translates an address like “facebook.com” to an IP address like 18.104.22.1680. If Facebook’s DNS records disappeared, apps and web addresses would be unable to locate it.
Jake Williams, chief technical officer of the cybersecurity firm BreachQuest, said that while foul play cannot be completely ruled out, chances were good that the outage is “an operational issue” caused by human error.
Madory said there was no sign that anyone but Facebook was responsible and discounted the possibility that another major internet player, such as a telecom company, might have inadvertently rewritten major routing tables that affect Facebook. “No one else announced these routes,” said Madory.
A massive denial-of-service attack that could overwhelm one of the world’s most popular sites would require either coordination among powerful criminal groups or a very innovative technique, security experts said.
Computer scientists speculated that a bug introduced by a configuration change in Facebook’s routing management system could be to blame. Colombia University computer scientist Steven Bellovin tweeted that he expected Facebook would first try an automated recovery in such a case. If that failed, it could be in for “a world of hurt” — because it would need to order manual changes at outside data centers, he added.
“What it boils down to: running a LARGE, even by Internet standards, distributed system is very hard, even for the very best,” Bellovin tweeted.
Crisis after whistleblower
The outage comes a day after a whistleblower went on US television to reveal her identity after she leaked a trove of documents to authorities alleging the social media giant knew its products were fueling hate and harming children’s mental health.
Frances Haugen, a 37-year-old data scientist from Iowa, has worked for companies including Google and Pinterest — but said in an interview with CBS news show “60 Minutes” that Facebook was “substantially worse” than anything she had seen before.
The world’s largest social media platform has been embroiled in a firestorm brought about by Haugen, with US lawmakers and The Wall Street Journal detailing how Facebook knew its products, including Instagram, were harming young girls, especially around body image.