Mastodon’s flagship server was hit by a distributed denial-of-service attack on Monday, the social networking software maker said, which rendered the instance unusable at times.

Much of the site was inaccessible, throwing error messages or displaying a full-screen outage warning.

The makers of the decentralized social networking software, which runs its official mastodon.social instance, said in a status update at around 7 a.m. ET on Monday that it was investigating the cyberattack.

By 9:05 a.m. ET, Mastodon said it implemented a “countermeasure against the DDoS attack, and the site is accessible.” However, the company warned that some instability may continue to be seen as the attack is ongoing.

The cyberattack targeting Mastodon comes days after Bluesky, another decentralized social network, resolved much of its days-long outages following a lengthy DDoS attack. As of Bluesky’s update on April 17, the DDoS attack continues, but its service has been stable since April 16 at 9 PM PDT. Today’s update confirmed the ongoing stability.

Representatives for Mastodon did not immediately comment on the cause of the cyberattack when contacted by TechCrunch.

Image Credits:TechCrunch (screenshot)

Distributed denial-of-service (DDoS) attacks rely on sending massive amounts of junk web traffic towards an app or website’s servers, with the aim of knocking them offline. These cyberattacks don’t involve data theft, but DDoS attacks can be disruptive to users.

DDoS attacks have become exponentially more powerful over the years. Last year, network security company Cloudflare said it mitigated what it says is the largest DDoS attack to date, measuring a peak of 29.7 terabits per second, the equivalent of filling up thousands of hard drives with data every minute.

When aimed at decentralized social networking services, the attacks can cause instability and outages, but not everyone is taken offline. In Bluesky’s case, for instance, those who had moved their account to other providers, like Blacksky, which run on the same protocol and interoperate with Bluesky, were not impacted.

Similarly, the attack on Mastodon has so far targeted only the larger server (mastodon.social) and not the many smaller instances that make up the full Mastodon social network.

Topics

Bluesky, cyberattack, ddos, Mastodon, Security, social media

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.

He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.

View Bio

Sarah Perez

Consumer News Editor

Sarah has worked as a reporter for TechCrunch since August 2011. She joined the company after having previously spent over three years at ReadWriteWeb. Prior to her work as a reporter, Sarah worked in I.T. across a number of industries, including banking, retail and software.

You can contact or verify outreach from Sarah by emailing sarahp@techcrunch.com or via encrypted message at sarahperez.01 on Signal.

View Bio

April 30

San Francisco, CA

StrictlyVC kicks off the year in SF. Get in the room for unfiltered fireside chats with industry leaders, insider VC insights, and high-value connections that actually move the needle. Tickets are limited.

Mastodon says its flagship server was hit by a DDoS attack