Facebook: down and out again (along with Instagram) after DDoS attack?

Facebook was hit by a major outage this morning, along with Instagram, but as of the time of writing, both sites are now back up and running.

The social network admitted it had gone down in a post spotted by TechCrunch, but it didn’t say what the cause of the outage was.

Facebook stated that it (and Instagram) experienced a “major outage” from 6:10 GMT this morning until 7:10 when the recovery was implemented. That corroborates with anecdotal evidence we’ve seen on Twitter which states that the downtime lasted for an hour (or just over an hour in some cases – but we won’t split hairs).

Facebook wrote: “The issue was resolved at 23:10 PST and the site stabilised shortly afterwards. Our internal and external monitoring shows that API requests are being served with normal latency and error rates, in all geographic regions. We are sorry for any inconvenience this may have caused you and the users of your apps.”

The latter refers to the fact that the outage also affected those apps which use a Facebook log-in, of course, such as Tinder and Hipchat.

Apparently it was a DDoS attack according to some sources, and indeed Lizard Squad is claiming responsibility, having tweeted: “Facebook, Instagram, Tinder, AIM, Hipchat #offline #LizardSquad”.

DDoS is Lizard Squad’s method, naturally enough, and the fact that Facebook wouldn’t say anything about the cause suggests it could be some kind of attack. It’s a major target for the hacktivist collective to have taken out, though (they also claimed to have downed the Malaysia Airlines website yesterday).

As for major Facebook outages, the last big one occurred in August when the social network was down for a similar period of time – though it was also down across the globe in September, but only for a short blip in that case.

UPDATE: We have received a comment from David Emm, principal security researcher at Kaspersky Lab, who said: “Facebook, Instagram and Tinder were down this morning, apparently the latest victims in a stream of DDoS attacks targeting high-profile organisations.

"Although the sites were only down for around an hour, any period of unplanned downtime can not only result in financial losses, but severe reputational damage, leading to the loss of valuable customers.

“DDoS attacks are nothing new; they’ve been a threat for many years and are one of the most popular weapons in a cybercriminals’ arsenal. However, we’re seeing the level of danger from these attacks increasing.

Our recent research showed that 38 per cent of companies providing online services respondents have fallen victim to a DDoS attack in the last 12 months.

The problem is that today DDoS attacks can be set up cheaply and easily, from almost anyone, whether that be a competitor, a dismissed employee, socio-political protesters or just a lone wolf with a grudge.

As a result, the volume of attacks has rapidly increased in recent years, so it’s imperative that businesses find an effective way to safeguard themselves from such attacks.”