Cloudflare outage knocks out ChatGPT, Uber, and X Corp. in 30-minute global internet meltdown

At 1:53 p.m. UTC on July 2, 2024, the internet hiccuped — then staggered. Thousands of websites went dark. Apps froze. Emergency portals went offline. And it all traced back to a single line of faulty code inside Cloudflare, Inc., the quiet giant that quietly runs half the web. By 2:23 p.m., services were restored. But the damage? That’s still being measured.

The Moment the Web Held Its Breath

It started with silence. No warning. No alert. Just a cascade of failures. OpenAI, Inc.’s ChatGPT went unresponsive. Uber Technologies, Inc.’s app couldn’t connect. X Corp., the platform once known as Twitter, showed error messages instead of timelines. Discord users got locked out. Even the U.K.’s National Health Service appointment system and Australia’s myGov portal crashed — just as people were trying to book medical checkups or file tax documents.

The culprit? A software bug, introduced during what Cloudflare called a "routine deployment" to its edge network. The code, identified as commit 8a3f7b2d, triggered a global routing loop. Think of it like a traffic signal stuck on green in every direction — packets of data spun endlessly, collapsing the network. At its peak, between 2:07 and 2:12 p.m. UTC, Cloudflare, Inc. lost 4.8 terabits per second of traffic — enough to stream every Netflix show in the world simultaneously, three times over.

Apology in Real Time

Matt Prince, co-founder and CEO of Cloudflare, Inc., didn’t wait for a press release. At 2:30 p.m. UTC, he posted on X: "We know we let you down today. Cloudflare experienced a global outage due to a software bug. We are working to restore services as quickly as possible." It was raw. Unpolished. Human.

That apology landed differently because Cloudflare isn’t just another tech firm. It’s the invisible backbone. Nearly 20 million websites — from small blogs to Fortune 500s — rely on its DNS, CDN, and DDoS protection. When it stumbles, the whole web feels it. By 3:15 p.m., Cloudflare confirmed to Campaign Live that they’d identified the issue. But the damage was done. Downdetector recorded over 1.2 million outage reports in a 10-minute window — the highest spike since the 2021 Facebook meltdown.

Who Got Hit — And Where?

This wasn’t a regional glitch. It was global. Users in New York City couldn’t load news sites. Londoners found their banking apps frozen. Tokyo commuters missed train updates. São Paulo’s e-commerce sites timed out. Even Feedly SAS in Paris went dark.

According to Kentik, Inc.’s analytics, this outage disrupted roughly 5.7% of global internet traffic — the largest single-event impact since 2021. And it wasn’t just convenience. Emergency services, healthcare portals, and government platforms were all affected. An estimated 850,000 citizens were locked out of critical services during those 30 minutes.

The System Was Supposed to Prevent This

Cloudflare claims it added 12 new validation checks after its 2022 outage. So how did this slip through?

Turns out, the bug exploited an untested edge case in how the system handled Border Gateway Protocol (BGP) routing — the internet’s equivalent of a GPS for data. The software thought it was routing traffic to a dead end, so it kept looping it back. Like a GPS telling you to turn around and go the same way — 10,000 times a second.

And here’s the kicker: Cloudflare’s service level agreement guarantees 99.995% uptime. That’s 26.3 minutes of allowed downtime per year. This single incident used up more than 114% of that annual allowance. Yet, as of 8 p.m. UTC on July 2, no compensation had been offered to enterprise customers — despite the SLA mandating a 10% credit for downtime exceeding 0.005% in a billing cycle.

What Experts Are Saying

Dr. Jane Smith, a network resilience expert at the University of Technology Sydney, put it bluntly: "This outage underscores the systemic risk posed by the concentration of critical internet infrastructure in a handful of providers. Diversification of routing providers is essential for ecosystem resilience. We’re one bug away from chaos — again."

Her point isn’t new. But it’s louder now. The internet was built to be decentralized. Today, it’s dominated by a handful of providers: Cloudflare, Amazon Web Services, Google Cloud, Microsoft Azure. When one falters, the whole house trembles.

What Comes Next?

Cloudflare promised a full root cause analysis by 11:59 p.m. UTC on July 4, 2024 — personally overseen by Matthew Prince. The U.S. Federal Trade Commission is watching. No formal inquiry has been launched, but regulators are aware. The stock price dipped 1.2% — barely a blip. Wall Street, it seems, still trusts Cloudflare’s long-term story.

But for the millions who couldn’t access their apps, their health records, or their jobs — trust isn’t a metric. It’s a feeling. And right now, it’s shaky.