A hacking group has claimed credit for one of its biggest social media outages in years on Tuesday — when millions of accounts went down worldwide on Facebook, Instagram, Facebook Messenger, Threads, and WhatsApp.
The ‘hacktivist’ group Anonymous claimed it was a cyber attack, but Meta has been tight-lipped on what caused the outage, simply calling it a ‘technical issue.’
Meta’s loss of service came soon after the AT&T outage that some speculated was caused by malicious hackers, as well as the United Healthcare ransomware attack, which ended when the US’s largest health insurer allegedly paid a $22 million ransom to the cybercriminals responsible.
A cybersecurity expert told DailyMail.com that a cyberattack ‘cannot be ruled out entirely,’ but said it was more likely either human error from someone at Meta, or a technical issue with the company’s servers.
Hacktivist group Anonymous seemed to claim responsibility for the outage, but it is common for hackers to falsely claim attacks in order to sow disinformation and bolster their credibility
Meta revealed the massive outage that hit Facebook, Instagram, WhatsApp, Threads, and Messenger was caused by ‘technical issues’ – but has not shared exactly what the ‘issues’ are
Meta does not have social media accounts that update users of the status of the company’s different sites, so many users were left speculating when they got vague error messages.
As is often the case in the wake of a cyberattack, multiple hacker groups rushed to say they were responsible.
Anonymous, for instance, posted an American flag emoji on X, along with the following message: ‘A cyber attack is happening right now on all American social platforms.’
The group included a screenshot from the site DownDetector, which tracks user-reported outages for websites.
But just because they claimed responsibility does not make it so.
Cybersecurity experts call this phenomenon ‘post-event victim claiming,’ and it happened right after the AT&T outage, too.
In that event, multiple different groups claimed responsibility, but experts doubted whether they were truly to blame.
‘There is currently nothing but a social post to suggest this was a cyberattack,’ Jake Moore, global cybersecurity advisor for ESET, told DailyMail.com.
‘With limited data and tight lips from Meta it would be difficult to speculate although it cannot be ruled out entirely,’ he added.
Meta’s representatives continue to remain vague.
‘Earlier today, a technical issue caused people to have difficulty accessing some of our services,’ wrote Meta communications director Andy Stone in a post on X. ‘We resolved the issue as quickly as possible for everyone who was impacted, and we apologize for any inconvenience.’
DailyMail.com reached out to Meta for comment.
Even Meta employees experienced issues on Tuesday, reporting that they were unable to log into company systems, which led them to wonder whether they were laid off, according to Reuters.
It’s not the first time a huge company – including Meta – has fallen offline, Moore pointed out.
Facebook’s 2021 outage was caused by an accident that affected the company’s Domain Name Server or DNS, which could have happened this time too
‘This has previously been down to a Domain Name Server, DNS, issue,’ he said.
‘This is like a phone book for the internet which converts a web domain, (like Facebook.com) into the actual IP address where the site lives.’
When a DNS has an overload or some other network issue, it goes down.
‘As the internet grows, these issues become more frequent, especially if not future-proofed,’ said Moore.
There are some clues as to what happened, according to software company Cisco’s ThousandEyes network monitoring blog:
‘ThousandEyes can confirm that Meta’s web servers remain reachable, with network paths clear and web servers responding to users,’ they wrote.
‘However, users attempting to login are receiving error messages, suggesting a backend service, such as authentication, as the cause of the issue.’
Hackers attacking a DNS would be an effective way to topple a website and cost thousands of dollars per minute, a cybersecurity expert told DailyMail.com
This is evidence seems consistent with a DNS problem.
It would be possible to attack a DNS to take down a website, said Moore.
‘DNS attacks are a way of tipping over websites so they do not function and in turn cost thousands of dollars per minute in real time downtime,’ he said.
‘DNS attacks look to exploit vulnerabilities in the DNS infrastructure but typically on companies of this size it would take someone working from within as an insider threat to be successful,’ said Moore.
‘Again – no evidence of this yet.’
Facebook’s 2021 outage could hold clues to the latest outage.
Starting around 11:50am EST (indicated by the vertical gray bar) the Facebook app began recovering for users. The green bar indicates the page loading successfully
Users around the world experienced problems when trying to access the Facebook app, ThousandEyes oberved
That one turned out to have been caused by an insider threat, but by accident.
One faulty command entered by an engineer disconnected the company’s data centers.
When this week’s outage occurred, the screenshot shared by Anonymous showed increased outage reports not just for Meta-owned sites Facebook, Instagram, Facebook Messenger, and Threads, but also for YouTube, Google Play, and the multiplayer video game Valorant.
And indeed other sites did experience issues, which suggested something was going on beyond Meta.
But when the 2021 Facebook outage occurred, its effects rippled through the internet as users attempted to reload the app, IT service management company CloudFlare reported at the time.
Because Facebook has so many users, this meant thousands or possibly millions of people were reloading their pages over and over the same thing at once – overloading DNS servers and making other sites difficult to access.
US cybercrime officials had no clues about the incident, which occurred on Super Tuesday when 15 states have their primary elections.
‘At this time, we are not aware of any specific election nexus nor any specific malicious cyber activity nexus to the outage, but we are aware of the incident and the global scope of it,’ a senior Cybersecurity and Infrastructure Security Agency (CISA) official told Axios yesterday, before the problem had been resolved.
