Bluesky attributes widespread outages to a sophisticated DDoS attack
Bluesky confirms that outages were caused by a sophisticated DDoS attack that disrupted feeds, notifications, and search services.
Users of Bluesky experienced repeated service disruptions after the platform confirmed it was dealing with a large-scale cyberattack that affected several core features. The incident began in the early hours of 17 April and continued throughout the day, causing frustration for users attempting to access feeds, notifications and other services.
The company acknowledged that parts of its systems were offline. It stated it was investigating what it described as an “incident with service in one of our regions”, repeating the same wording published in its original status update, including the typographical error. The disruptions were first detected at 1:42 AM Eastern Time and remained unresolved for several hours, with service interruptions continuing intermittently.
Although the platform remained partially accessible for some users, the unstable nature of the outage led many to experience repeated failures when loading content. The company also reported occasional problems with its own system status page, which normally provides real-time updates to users during outages.
Attack identified as cause of ongoing disruptions
Later in the day, the platform disclosed further details, stating at 7:47 PM Eastern Time that it had been working to counter what it called “a sophisticated Distributed Denial-of-Service (DDoS) attack, which intensified throughout the day.” According to the company, the attack overwhelmed its infrastructure, resulting in widespread service interruptions.
Our team received a report of intermittent app outages at about 11:40pm PDT on April 15, 2026. They worked through the night to mitigate a sophisticated Distributed Denial-of-Service (DDoS) attack, which intensified throughout the day.
— Bluesky (@bluesky) April 16, 2026
Engineers reported that the disruption affected several major platform functions, including feeds, notifications, message threads, and search tools. Users experienced difficulty viewing posts, receiving alerts and interacting with conversations. Reports from technology observers confirmed that these features became unreliable at various times during the day.
Distributed Denial-of-Service attacks are commonly used to disrupt online services by flooding servers with excessive requests, effectively blocking legitimate traffic. In some cases, such attacks can also serve as a diversion to hide more serious breaches. However, the company reassured users that it had “not seen any evidence of unauthorised access to private user data,” suggesting that the attack was limited to service disruption rather than data theft.
Despite the ongoing technical issues, the company maintained that teams were working continuously to restore normal operations. Updates released through official channels indicated that engineers were applying mitigation measures designed to filter malicious traffic and stabilise affected systems.
Service instability continues amid recent outage history
The outage did not appear to follow a single continuous failure but instead resembled what the company described as a rolling disruption. This meant that some users regained access temporarily, only to experience further interruptions later. Such inconsistent availability complicated users’ efforts to determine whether services had been fully restored.
Observers noted that the instability extended to the company’s system status page, which itself experienced occasional outages. This reduced transparency during key periods, as users were sometimes unable to confirm whether problems were widespread or isolated to their individual connections.
The incident follows another brief service disruption earlier in April, raising questions about the platform’s infrastructure’s resilience as its user base continues to expand. While the earlier outage was short-lived, the recurrence of technical difficulties in the same month has underscored the importance of strengthening defences against large-scale cyber threats.
The company stated that it would provide further updates once progress had been made in restoring stability. It indicated that another update was expected by 1 PM Eastern Time on 17 April, signalling that mitigation efforts were ongoing and that engineers were closely monitoring network traffic for signs of further malicious activity.
Technology analysts note that social media platforms are frequent targets of DDoS attacks because their open access models make them vulnerable to sudden surges in traffic. As online communities grow larger, the need for advanced security measures becomes increasingly important to maintain service reliability and user trust.
While the full extent of the disruption remained unclear at the time of reporting, the company’s acknowledgement of the attack and its assurances regarding data security offered some reassurance to users concerned about the safety of their personal information. Continued updates are expected as technical teams work to stabilise the service and prevent further interruptions.
