{"id":389366,"date":"2026-04-20T21:44:07","date_gmt":"2026-04-20T21:44:07","guid":{"rendered":"https:\/\/www.newsbeep.com\/nz\/389366\/"},"modified":"2026-04-20T21:44:07","modified_gmt":"2026-04-20T21:44:07","slug":"mastodon-was-hit-by-a-major-ddos-attack-that-briefly-took-down-parts-of-the-service","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/nz\/389366\/","title":{"rendered":"Mastodon was hit by a &#8216;major&#8217; DDoS attack that briefly took down parts of the service"},"content":{"rendered":"<p class=\"col-body mb-4 leading-7 text-[18px] md:leading-8 break-words min-w-0 charcoal-color\">Mastodon seems to be recovering after a Distributed Denial of Service (DDoS) attack that took down its primary mastodon.social instance. As TechCrunch <a class=\"link \" href=\"https:\/\/techcrunch.com\/2026\/04\/20\/mastodon-says-its-flagship-server-was-hit-by-a-ddos-attack\/\" data-i13n=\"slk:notes;cpos:1;pos:1\" rel=\"nofollow noopener\" target=\"_blank\" data-ylk=\"slk:notes;slk:notes;cpos:1;pos:1;elm:context_link;itc:0;sec:content-canvas\" data-yga=\"{&quot;yLinkPosition&quot;:&quot;1&quot;,&quot;yLinkElement&quot;:&quot;context_link&quot;,&quot;yPosition&quot;:&quot;1&quot;,&quot;yModuleName&quot;:&quot;content-canvas&quot;,&quot;yLinkText&quot;:&quot;notes&quot;,&quot;yHasCommerce&quot;:false}\">notes<\/a>, the platform began <a class=\"link \" href=\"https:\/\/status.mastodon.social\/cmo730jrm05ailojla22drifc\" data-i13n=\"cpos:2;pos:1\" rel=\"nofollow noopener\" target=\"_blank\" data-ylk=\"slk:reporting issues;cpos:2;pos:1;elm:context_link;itc:0;sec:content-canvas\" data-yga=\"{&quot;yLinkPosition&quot;:&quot;2&quot;,&quot;yLinkElement&quot;:&quot;context_link&quot;,&quot;yPosition&quot;:&quot;1&quot;,&quot;yModuleName&quot;:&quot;content-canvas&quot;,&quot;yLinkText&quot;:&quot;reporting issues&quot;,&quot;yHasCommerce&quot;:false}\">reporting issues<\/a> early Monday morning as much of the Mastodon-operated server became inaccessible.<\/p>\n<p class=\"col-body mb-4 leading-7 text-[18px] md:leading-8 break-words min-w-0 charcoal-color\">It&#8217;s not clear who might be behind the attack, but Mastodon&#8217;s head of communications Andy Piper <a class=\"link \" href=\"https:\/\/macaw.social\/@andypiper\/116436859213678675\" data-i13n=\"cpos:3;pos:1\" rel=\"nofollow noopener\" target=\"_blank\" data-ylk=\"slk:described it;cpos:3;pos:1;elm:context_link;itc:0;sec:content-canvas\" data-yga=\"{&quot;yLinkPosition&quot;:&quot;3&quot;,&quot;yLinkElement&quot;:&quot;context_link&quot;,&quot;yPosition&quot;:&quot;1&quot;,&quot;yModuleName&quot;:&quot;content-canvas&quot;,&quot;yLinkText&quot;:&quot;described it&quot;,&quot;yHasCommerce&quot;:false}\">described it<\/a> as a &#8220;major&#8221; incident. A couple hours later, Mastodon shared on a status page that it had implemented countermeasures and that users should be able to access mastodon.social once again. Piper said that &#8220;some ongoing instability is a possibility&#8221; as the site recovered. It&#8217;s unclear if any other instances of the service were also targeted; mastodon.social is run directly by the nonprofit and is the largest server on the federated platform.<\/p>\n<p class=\"col-body mb-4 leading-7 text-[18px] md:leading-8 break-words min-w-0 charcoal-color\">Mastodon is the second decentralized platform to be targeted with a DDoS in recent days. Last week, Bluesky also dealt with a significant DDoS incident that took parts of the service offline for several hours. The company posted what it said was its <a class=\"link \" href=\"https:\/\/x.com\/bluesky\/status\/2046274845617365039\" data-i13n=\"cpos:4;pos:1\" rel=\"nofollow noopener\" target=\"_blank\" data-ylk=\"slk:final update;cpos:4;pos:1;elm:context_link;itc:0;sec:content-canvas\" data-yga=\"{&quot;yLinkPosition&quot;:&quot;4&quot;,&quot;yLinkElement&quot;:&quot;context_link&quot;,&quot;yPosition&quot;:&quot;1&quot;,&quot;yModuleName&quot;:&quot;content-canvas&quot;,&quot;yLinkText&quot;:&quot;final update&quot;,&quot;yHasCommerce&quot;:false}\">final update<\/a> Monday morning, saying that its service had &#8220;remained stable&#8221; and that there was &#8220;no evidence of unauthorized access to private user data.&#8221; A few hours later, however, it seemed Bluesky was once again experiencing some issues, though the cause was unclear. Its official <a class=\"link \" href=\"https:\/\/status.bsky.app\/\" data-i13n=\"cpos:5;pos:1\" rel=\"nofollow noopener\" target=\"_blank\" data-ylk=\"slk:status page;cpos:5;pos:1;elm:context_link;itc:0;sec:content-canvas\" data-yga=\"{&quot;yLinkPosition&quot;:&quot;5&quot;,&quot;yLinkElement&quot;:&quot;context_link&quot;,&quot;yPosition&quot;:&quot;1&quot;,&quot;yModuleName&quot;:&quot;content-canvas&quot;,&quot;yLinkText&quot;:&quot;status page&quot;,&quot;yHasCommerce&quot;:false}\">status page <\/a>was down, and a post from its <a class=\"link \" href=\"https:\/\/bsky.app\/profile\/status.bsky.app\/post\/3mjx6iwke4s2a\" data-i13n=\"cpos:6;pos:1\" rel=\"nofollow noopener\" target=\"_blank\" data-ylk=\"slk:server status;cpos:6;pos:1;elm:context_link;itc:0;sec:content-canvas\" data-yga=\"{&quot;yLinkPosition&quot;:&quot;6&quot;,&quot;yLinkElement&quot;:&quot;context_link&quot;,&quot;yPosition&quot;:&quot;1&quot;,&quot;yModuleName&quot;:&quot;content-canvas&quot;,&quot;yLinkText&quot;:&quot;server status&quot;,&quot;yHasCommerce&quot;:false}\">server status<\/a> account indicated that there were &#8220;elevated errors and timeouts on some Bluesky-hosted services.&#8221; Bluesky said it was investigating.<\/p>\n","protected":false},"excerpt":{"rendered":"Mastodon seems to be recovering after a Distributed Denial of Service (DDoS) attack that took down its primary&hellip;\n","protected":false},"author":2,"featured_media":389367,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[201531,95497,27670,111,139,69,201532,145],"class_list":{"0":"post-389366","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-andy-piper","9":"tag-distributed-denial-of-service","10":"tag-mastodon","11":"tag-new-zealand","12":"tag-newzealand","13":"tag-nz","14":"tag-server-status","15":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/389366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/comments?post=389366"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/posts\/389366\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media\/389367"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/media?parent=389366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/categories?post=389366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/nz\/wp-json\/wp\/v2\/tags?post=389366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}