Updated (10/4/2021): Facebook and other services were back online by roughly 5:30 PM EST. The roughly six-hour outage is the worst to hit the company since 2019. The root cause is not yet known. Original story below:
At 11:39 AM EST this morning, someone at Facebook updated the company’s BGP (Border Gateway Protocol) records and knocked Facebook, Instagram, Oculus, and WhatsApp offline in the process. As of this writing, all three services remain offline.
BGP is the protocol large organizations like ISPs use for sharing information on traffic routing. If a user in Germany wants to access information on an Australian server, that data request is going to move through multiple large networks. BGP is fundamental to that process and to the function of the internet itself. When Facebook updated records with bad information it effectively deplatformed itself and its associated properties.
This isn’t just a problem for everyone who can’t access Facebook, WhatsApp, or Instagram. It’s reportedly causing headaches for Facebook employees as well:
Facebook employees can’t enter the headquarters because their badges don’t work, and those already inside can’t enter various rooms because access is linked through the IoT (Internet of Things) and so goes through the same DNS routes that no longer exist:#FacebookDown pic.twitter.com/8hAea9ZG4l
— Leah McElrath 🏳️🌈 (@leahmcelrath) October 4, 2021
It’s not currently known what caused this outage or whether or not a hack was involved. These changes came from Facebook itself, so either the company inadvertently updated its own records with incorrect information or it suffered a critical network breach. As of this writing there is no evidence to suggest an attack, but there’s only limited information available right now.
There’s nothing wrong with any of Facebook’s servers or backend, as far as we know. Without valid BGP routes, however, no other ISP or service knows how to route traffic to Facebook or its other services. FB staff are reportedly locked out of both their workplace and their Workplace — in addition to the problems with physical access mentioned above, the company’s internal work platform reportedly isn’t functional, either.
The timing of the problem will add to Facebook’s recent woes. The company has been under fire for weeks following a scathing series of reports. This weekend, whistleblower Frances Haugen went public about her work at the company and Facebook’s own efforts to push content that made people angrier and unhappier in order to boost engagement metrics.
Two other points we want to mention: Recent reports that the personal credentials of 1.5 billion FB users were being offered for sale on hacking forums both predate this event and do not appear to be related to it. Second, Facebook.com is not actually up for sale, despite the fact that it’s appeared on several domain registrars. Facebook is its own domain registrar, reports Ars Technica, and thus we will not be treated to the delightful schadenfreude of watching Facebook sue to get its own brand back after what may have been a brilliant self-own.
WhatsApp Hit by VoIP Spyware Attack
Facebook-owned WhatsApp is the most popular messaging platform in the world with more than 1.5 billion active users. That makes it a big target for hackers, and one group reportedly discovered a vulnerability that allowed them to inject malware into phones.