A group of hackers on Tuesday took credit for one of the biggest social media outages in years, when millions of accounts around the world went down on Facebook, Instagram, Facebook Messenger, Threads and WhatsApp.
The ‘hacktivist’ group Anonymous claimed it was a cyberattack, but Meta has remained silent on the cause of the outage, calling it simply a ‘technical issue’.
Meta’s loss of service came shortly after the AT&T outage that some speculated was caused by malicious hackers, as well as the United Healthcare ransomware attack, which ended when the largest U.S. health insurer reportedly paid out a ransom of 22 million dollars to the cybercriminals responsible.
A cybersecurity expert told DailyMail.com that a cyberattack “cannot be completely ruled out,” but said it was more likely to be human error by someone at Meta or a technical problem with the company’s servers.
The hacktivist group Anonymous appeared to claim responsibility for the outage, but it is common for hackers to falsely claim attacks to sow misinformation and bolster their credibility.
Meta revealed that the massive outage affecting Facebook, Instagram, WhatsApp, Threads, and Messenger was caused by “technical issues,” but has not shared exactly what the “issues” are.
Meta does not have social media accounts that update users on the status of the company’s different sites, so many users were left speculating when they received vague error messages.
As is often the case after a cyberattack, several hacking groups were quick to say they were responsible.
Anonymous, for example, posted an emoji of the American flag on X, along with the following message: “A cyberattack is happening right now on all American social platforms.”
The group included a screenshot of the site DownDetector, which tracks website outages reported by users.
But just because they took responsibility doesn’t mean that’s the case.
Cybersecurity experts call this phenomenon “post-event victim claiming” and it also occurred right after the AT&T outage.
In that case, several different groups claimed responsibility, but experts doubted whether they were actually to blame.
“There is currently nothing other than a social post to suggest this was a cyberattack,” Jake Moore, global cybersecurity advisor at ESET, told DailyMail.com.
“With limited data and Meta’s tight lips, it would be difficult to speculate, although it cannot be completely ruled out,” he added.
Meta representatives remain vague.
“Earlier today, a technical issue caused people to have difficulty accessing some of our services,” Meta communications director Andy Stone wrote in a post on X. “We resolved the issue as quickly as possible for everyone affected and apologize for any inconvenience.”
DailyMail.com has contacted Meta for comment.
Even Meta employees experienced problems Tuesday, reporting they couldn’t log into the company’s systems, leading them to wonder if they were fired, according to Reuters.
It’s not the first time a large company, including Meta, has gone offline, Moore said.
Facebook’s outage in 2021 was caused by an accident that affected the company’s domain name server, or DNS, which could have also happened this time.
“This was previously due to a problem with the domain name server, DNS,” he said.
“This is like a phone book for the Internet that turns a web domain (like Facebook.com) into the actual IP address where the site resides.”
When a DNS has an overload or some other network problem, it goes down.
“As the Internet grows, these problems become more common, especially if they are not prepared for the future,” Moore said.
There are a few clues as to what happened, according to software company Cisco’s ThousandEyes network monitoring blog:
“ThousandEyes can confirm that Meta’s web servers remain reachable, with network paths clear and web servers responding to users,” they wrote.
“However, users trying to log in receive error messages suggesting a backend service, such as authentication, as the cause of the problem.”
Hackers attacking a DNS would be an effective way to take down a website and would cost thousands of dollars per minute, a cybersecurity expert told DailyMail.com.
This is evidence that seems consistent with a DNS problem.
It would be possible to attack a DNS to take down a website, Moore said.
“DNS attacks are a way to crash websites and in turn cost thousands of dollars per minute in real downtime,” he said.
“DNS attacks seek to exploit vulnerabilities in the DNS infrastructure, but typically in companies of this size it would require someone working from the inside as an insider threat to be successful,” Moore said.
“Again, there is no evidence of this yet.”
Facebook’s 2021 outage could hold clues to the latest outage.
That one turned out to have been caused by an insider threat, but by accident.
A faulty command entered by an engineer took the company’s data centers offline.
As of 11:50 am EST (indicated by the vertical gray bar), the Facebook app began to recover for users. The green bar indicates that the page loaded successfully.
Users around the world experienced problems when trying to access the Facebook app, ThousandEyes noted.
When this week’s outage occurred, the screenshot shared by Anonymous showed an increase in outage reports not only for the Meta-owned sites Facebook, Instagram, Facebook Messenger, and Threads, but also for YouTube, Google Play, and the Valorant multiplayer video game.
And in fact, other sites experienced problems, suggesting that something was happening beyond Meta.
But when the Facebook outage hit in 2021, its effects spread across the internet as users tried to reload the app, as IT service management company Cloudflare reported at the time.
Because Facebook has so many users, this meant that thousands or possibly millions of people were reloading their pages over and over at the same time, overloading DNS servers and making it difficult to access other sites.
US cybercrime officials had no leads about the incident, which occurred on Super Tuesday, when 15 states hold their primaries.
“At this time, we are not aware of any specific election nexus or any specific malicious cyber activity to the outage, but we are aware of the incident and its global reach,” said a senior official at the Cybersecurity and Infrastructure Security Agency (CISA). The official spoke to Axios yesterday, before the issue was resolved.