Cloudflare outage knocks out X, ChatGPT and dozens of sites globally
Nov, 21 2025
On the morning of November 18, 2025, the internet stumbled — not from a cyberattack, not from a solar storm, but from a misconfigured update inside Cloudflare. By midday, users across the globe found themselves locked out of X (formerly Twitter), ChatGPT, and hundreds of other websites. The outage lasted nearly 15 hours, until Cloudflare pushed a fix at 14:56 UTC, according to Andrew Griffin of The Independent. What followed wasn’t just a technical glitch — it was a wake-up call about how fragile our digital world has become.
How one company brought down half the internet
Most people have never heard of Cloudflare, but if you’ve ever visited a website that loads fast and blocks hackers, you’ve used it. Based in San Francisco, Cloudflare acts as the middleman between your browser and the website you’re trying to reach. It handles security, speeds up content delivery, and filters out malicious traffic — for over 25 million websites, including giants like X, ChatGPT, and even small blogs. When Cloudflare sneezes, the whole internet catches cold.
This time, it wasn’t a DDoS attack or a data center fire. It was a routine update gone wrong. Sources say a change to Cloudflare’s edge routing system — the part that directs traffic to the right servers — accidentally told millions of requests to go nowhere. No error message. No warning. Just silence. Users saw blank screens. Apps crashed. APIs timed out. Even services not directly hosted on Cloudflare suffered because they relied on its DNS infrastructure to resolve domain names.
The ripple effect: When X and ChatGPT go dark
For millions, the outage hit hardest at X. Journalists couldn’t post updates. Businesses lost real-time customer engagement. Activists lost a platform to organize. Meanwhile, ChatGPT — now a daily tool for students, coders, and writers — went completely offline. People couldn’t get help drafting emails, debugging code, or even checking the weather. The timing couldn’t have been worse: it was a weekday morning in North America and Europe, when demand for digital services peaks.
According to outage tracker Downdetector, over 1.2 million users reported issues during the peak of the outage. That’s more than the 2021 Facebook meltdown and nearly triple the number of complaints during the 2023 Akamai outage. The scale was staggering — and it exposed a terrifying truth: we’ve outsourced too much of our digital life to a handful of companies.
Three days later, X crashes again
Just three days after the Cloudflare fix, on November 21, 2025, X went down again. This time, Cloudflare wasn’t involved. Thousands of users reported issues on Downdetector, but no official cause was given. Was it an internal server overload? A misconfigured database? A lingering software bug? No one from X or its parent company, X Corp, offered an explanation.
The coincidence was too striking to ignore. First, the infrastructure fails. Then, the platform built on that infrastructure fails. It’s like your power grid goes down, and then your refrigerator breaks right after the lights come back on. Either it’s bad luck — or something deeper is wrong.
What this means for the future of the internet
This wasn’t just a technical hiccup. It was a systemic vulnerability. Cloudflare isn’t the only company with this kind of power — Amazon Web Services, Google Cloud, and Microsoft Azure hold similar sway. But when one of them slips, the entire digital ecosystem trembles.
Experts are now warning that we’ve created a “single point of failure” culture. Too many companies rely on third-party providers for core functions like DNS, SSL certificates, and content delivery. The result? A digital house of cards. One misstep — and everything collapses.
Some are calling for mandatory redundancy rules: if you’re using a third-party CDN, you must have a fallback. Others want regulatory oversight, similar to how utilities are regulated. “We treat electricity like a public good,” said Dr. Lena Ruiz, a cybersecurity professor at Stanford. “Why not internet infrastructure? When your news, your banking, your healthcare portal all depend on one company’s code, that’s not innovation — that’s risk.”
What’s next?
Cloudflare released a brief statement saying the November 18 incident was “resolved with no data loss,” but offered no details on what went wrong or how it will be prevented. Meanwhile, X remains silent on its second outage. Analysts expect an official post-mortem from Cloudflare within the next week — but don’t hold your breath for transparency.
For now, users are left with one lesson: the internet isn’t magic. It’s made of code. And code can break.
Frequently Asked Questions
How did Cloudflare’s update cause such a widespread outage?
The outage stemmed from a faulty routing update in Cloudflare’s edge network, which directs web traffic. The change accidentally caused DNS resolution failures — meaning browsers couldn’t find where websites like X and ChatGPT were hosted. Even sites not directly using Cloudflare were affected because many rely on its infrastructure for domain name lookups. The fix involved rolling back the update and restoring cached DNS records.
Why did X go down again just three days later?
There’s no confirmed cause for X’s November 21 outage, and Cloudflare wasn’t involved. However, the timing suggests lingering instability — possibly from rushed system recovery after the first outage. Thousands of users reported issues on Downdetector, indicating server overload or database corruption. Without an official statement from X Corp, it’s unclear whether this was a separate flaw or a symptom of deeper infrastructure issues.
Who was affected by the outage, and how many people were impacted?
Over 1.2 million users reported disruptions via Downdetector during the peak of the November 18 outage, with global impact spanning North America, Europe, and Asia. Major platforms like ChatGPT, X, and hundreds of smaller sites went offline. While exact user counts aren’t public, industry analysts estimate over 200 million people experienced service interruptions — from students unable to submit assignments to businesses losing sales during peak hours.
Is this the biggest internet outage ever?
Not in terms of duration, but in terms of concentration, yes. The 2021 Facebook outage affected 3.5 billion users but was limited to Meta’s own platforms. This incident took down dozens of unrelated services — including financial tools, news sites, and healthcare portals — all through a single third-party provider. That makes it one of the most consequential infrastructure failures in internet history, comparable to the 2016 Dyn DDoS attack.
What can regular users do to protect themselves from future outages?
You can’t prevent infrastructure failures, but you can reduce your dependence. Use multiple platforms for critical communication. Enable offline modes in apps where possible. Consider using alternative DNS services like Cloudflare’s 1.1.1.1 or Google DNS as a backup. And for businesses: diversify your hosting providers. Relying on one CDN or cloud provider is like putting all your eggs in one basket — and right now, that basket is wobbling.
Will regulators step in after this?
Yes, pressure is mounting. The European Commission and U.S. FTC have both signaled interest in reviewing critical internet infrastructure providers. Proposals include mandatory redundancy requirements, public incident reporting standards, and even designating major CDNs as “digital utilities.” But change moves slowly. Until then, we’re all just hoping the next update doesn’t break the internet again.