Mastodon's flagship server suffered a distributed denial-of-service attack on Monday that left instances unusable at times, the social networking software maker said.
Large portions of the site were inaccessible, with error messages and full-screen outage warnings.
The maker of decentralized social networking software, which runs the official Mastodon.social instance, announced in a status update around 7 a.m. ET Monday that it was investigating the cyberattack.
By 9:05 a.m. ET, Mastodon announced that it had “addressed the DDoS attack and the site was now accessible.” However, the company warned that it may continue to experience instability due to the ongoing attack.
The cyberattack targeting Mastodon comes days after another decentralized social network, Bluesky, largely resolved a multi-day outage caused by a prolonged DDoS attack. As of Bluesky's latest update, April 17, the DDoS attack continues, but its service has been stable since April 16 at 9pm PDT.
A Mastodon representative did not immediately comment on the cause of the cyberattack when contacted by TechCrunch.
Image credit: TechCrunch (screenshot)
Distributed Denial of Service (DDoS) attacks rely on sending large amounts of junk web traffic to an app or website's server with the goal of taking it offline. Although these cyberattacks do not involve data theft, DDoS attacks can have a devastating impact on users.
DDoS attacks have become exponentially more powerful over the years. Last year, network security company Cloudflare announced it had mitigated what it said was the largest DDoS attack ever, at a peak rate of 29.7 terabits per second. This is equivalent to thousands of hard drives filling up with data every minute.
When targeting decentralized social networking services, attacks can cause instability or outages, but not everyone will be taken offline. For example, in the case of Bluesky, users who migrated their accounts to other providers such as Blacksky that run on the same protocol and interoperate with Bluesky were not affected.
Similarly, attacks on Mastodon have so far targeted only the larger server (mastodon.social) and not the many smaller instances that make up the complete Mastodon social network.