A hacking group on Tuesday took credit for one of the biggest social media outages in years – when millions of accounts worldwide went offline on Facebook, Instagram, Facebook Messenger, Threads and WhatsApp.
The ‘hacktivist’ group Anonymous claimed it was a cyber attack, but Meta remained tight-lipped about the cause of the outage, simply calling it a ‘technical issue’.
Meta’s loss of service came on the heels of the AT&T outage that some speculated was caused by malicious hackers, as well as the United Healthcare ransomware attack on the U.S.’s largest health insurer, which ended with a $22 million ransom reportedly paid to the cyber criminals responsible.
A cybersecurity expert told DailyMail.com that a cyber attack “cannot be completely ruled out”, but said it was more likely to have been human error by someone at Meta, or a technical problem with the company’s servers.
Hacktivist group Anonymous appeared to claim responsibility for the outage, but it is common for hackers to falsely claim attacks to spread disinformation and boost their credibility.
Meta revealed that the massive outage affecting Facebook, Instagram, WhatsApp, Threads and Messenger was caused by ‘technical issues’ – but didn’t share exactly what the ‘issues’ are.
Meta doesn’t have social media accounts that keep users informed about the status of the company’s various sites, so many users were left speculating when they started receiving vague error messages.
As is often the case after a cyberattack, several hacker groups rushed to say they were responsible.
Anonymous, for example, posted an American flag emoji on X, along with the following message: “A cyber attack is currently underway on all US social platforms.”
The group included a screenshot from the site DownDetector, which tracks user-reported outages for websites.
But the fact that they have claimed responsibility does not mean that this is the case.
Cybersecurity experts call this phenomenon “post-event victim claiming,” and it also happened right after the AT&T outage.
In that case, several different groups claimed responsibility, but experts doubted whether they were actually guilty.
“There is currently nothing other than a social post to suggest this was a cyber attack,” Jake Moore, global cybersecurity advisor for ESET, told DailyMail.com.
“With limited data and tight-lipped Meta, it would be difficult to speculate, although it cannot be completely ruled out,” he added.
Meta’s representatives remain vague.
“Earlier today, a technical issue caused people to have difficulty accessing some of our services,” Meta communications director Andy Stone wrote in a statement.
DailyMail.com contacted Meta for comment.
Even Meta employees experienced problems on Tuesday, reporting they couldn’t log into company systems, leading them to wonder if they had been fired, according to Reuters.
It is not the first time that a large company – including Meta – has gone offline, Moore emphasizes.
Facebook’s 2021 outage was caused by an accident that affected the company’s domain name server, or DNS, which could have happened this time as well.
“This was previously due to an issue with the domain name server and DNS,” he said.
“This is like a phone book for the Internet that converts a web domain (like Facebook.com) to the actual IP address where the site is located.”
When a DNS server is overloaded or has another network problem, it goes down.
“As the Internet grows, these problems become more common, especially if they are not future-proofed,” says Moore.
There are some clues as to what happened, according to software company Cisco’s ThousandEyes network monitoring blog:
“ThousandEyes can confirm that Meta’s web servers remain reachable, with clear network paths and web servers responding to users,” they wrote.
“However, users who attempt to log in receive error messages, indicating that a backend service, such as authentication, is the cause of the problem.”
Hackers attacking a DNS would be an effective way to take down a website and cost thousands of dollars per minute, a cybersecurity expert told DailyMail.com.
This evidence appears to be consistent with a DNS problem, Moore said.
It would be possible to attack a DNS to take down a website, he added.
“DNS attacks are a way to take down websites so that they no longer function and in turn cost thousands of dollars per minute in real-time downtime,” he said.
“DNS attacks appear to exploit vulnerabilities in the DNS infrastructure, but at companies of this size they typically require someone working from within as an insider threat to be successful,” Moore said.
“Again, there’s no evidence for that yet.”
Facebook’s 2021 outage could hold clues to the latest outage.
Starting around 11:50 a.m. EST (indicated by the vertical gray bar), the Facebook app began to recover for users. The green bar indicates that the page has loaded successfully.
Users around the world experienced issues when trying to access the Facebook app, ThousandEyes noted.
It turned out to have been caused by an insider threat, but by accident.
One incorrect command, entered by an engineer, disconnected the company’s data centers.
When this week’s outage occurred, the screenshot shared by Anonymous showed increased outage reports not only for Meta sites Facebook, Instagram, Facebook Messenger, and Threads, but also for YouTube, Google Play, and the multiplayer video game Valorant.
And indeed other sites were experiencing problems, suggesting something was going on outside Meta.
But when the Facebook outage happened in 2021, its effects rippled through the internet as users tried to reload the app, IT service management company Cloudflare reported at the time.
Because Facebook has so many users, this meant that thousands or possibly millions of people were reloading their pages at the same time over and over again, overloading the DNS servers and making other sites difficult to access.
US cybercrime officials had no leads on the incident, which took place on Super Tuesday, when 15 states hold their primaries.
“At this time we are not aware of a specific election connection, nor a specific malicious cyber activity connection to the outage, but we are aware of the incident and its global scale,” a senior Cybersecurity and Infrastructure Security Agency (CISA) official told Axios yesterday, before the issue was resolved.