2 days ago
3
9:58 AM PDT · April 20, 2026
Mastodon’s flagship server was deed by a distributed denial-of-service onslaught connected Monday, the societal networking bundle shaper said, which rendered the lawsuit unusable astatine times.
Much of the tract was inaccessible, throwing mistake messages oregon displaying a full-screen outage warning.
The makers of the decentralized societal networking software, which runs its authoritative mastodon.social instance, said successful a status update at astir 7 a.m. ET connected Monday that it was investigating the cyberattack.
By 9:05 a.m. ET, Mastodon said it implemented a “countermeasure against the DDoS attack, and the tract is accessible.” However, the institution warned that immoderate instability whitethorn proceed to beryllium seen arsenic the onslaught is ongoing.
The cyberattack targeting Mastodon comes days aft Bluesky, different decentralized societal network, resolved overmuch of its days-long outages pursuing a lengthy DDoS attack. As of Bluesky’s most caller update connected April 17, the DDoS onslaught continues, but its work has been unchangeable since April 16 astatine 9 PM PDT.
Representatives for Mastodon did not instantly remark connected the origin of the cyberattack erstwhile contacted by TechCrunch.
Image Credits:TechCrunch (screenshot)Distributed denial-of-service (DDoS) attacks trust connected sending monolithic amounts of junk web postulation towards an app oregon website’s servers, with the purpose of knocking them offline. These cyberattacks don’t impact information theft, but DDoS attacks tin beryllium disruptive to users.
DDoS attacks person go exponentially much almighty implicit the years. Last year, web information institution Cloudflare said it mitigated what it says is the largest DDoS onslaught to date, measuring a highest of 29.7 terabits per second, the equivalent of filling up thousands of hard drives with information each minute.
When aimed astatine decentralized societal networking services, the attacks tin origin instability and outages, but not everyone is taken offline. In Bluesky’s case, for instance, those who had moved their relationship to different providers, similar Blacksky, which tally connected the aforesaid protocol and interoperate with Bluesky, were not impacted.
Similarly, the onslaught connected Mastodon has truthful acold targeted lone the larger server (mastodon.social) and not the galore smaller instances that marque up the afloat Mastodon societal network.
Zack Whittaker is the information exertion astatine TechCrunch. He besides authors the play cybersecurity newsletter, this week successful security.
He tin beryllium reached via encrypted connection astatine zackwhittaker.1337 connected Signal. You tin besides interaction him by email, oregon to verify outreach, astatine zack.whittaker@techcrunch.com.
Sarah has worked arsenic a newsman for TechCrunch since August 2011. She joined the institution aft having antecedently spent implicit 3 years astatine ReadWriteWeb. Prior to her enactment arsenic a reporter, Sarah worked successful I.T. crossed a fig of industries, including banking, retail and software.
You tin interaction oregon verify outreach from Sarah by emailing sarahp@techcrunch.com oregon via encrypted connection astatine sarahperez.01 connected Signal.
English (US) ·