Facebook blames networking issues, not a cyberattack, for long downtime

Smoke doesn't always mean fire.
The Facebook logo is displayed next to a screen showing that the Facebook website is down on October 04, 2021 in San Anselmo, California. Social media applications Facebook, Instagram and WhatsApp are experiencing a global outage that started before 9 a.m. (P.S.T.) on Monday morning. (Photo Illustration by Justin Sullivan/Getty Images)

Facebook, Instagram and WhatsApp largely returned to the internet late Monday following a six hour-long outage that outsiders suggested, without evidence, was the result of a cyberattack.

In an Oct. 4 statement, the company apologized for the long downtime, blaming the matter on networking issues. Configuration changes “on the backbone routers that coordinate network traffic between our data centers” interrupted communication, Facebook said, causing a “cascading effect” that disrupted the flow of communication. The same issue also halted Facebook’s internal systems, further delaying the recovery process.

Independent security experts suggested from the beginning that the company’s Domain Name System, the technological protocol by which connected devices locate one another on the internet, was somehow to blame.

“We want to make clear at this time we believe the root cause of this outage was a faulty configuration change,” Santosh Janarhan, vice president of Facebook Infrastructure, said in a statement. “We also have no evidence that user data was compromised as a result of this downtime.”


The sites’ downtime, which began at approximately 11:50 a.m. EST Monday, came less than 24 hours after a former Facebook employee, Frances Haugen, appeared in a “60 Minutes” interview, saying the company has consistently failed to clean up hate speech and disinformation in the name of profit. That interview aired after a series of Wall Street Journal stories cited internal documents which described how the company was aware that Facebook-owned Instagram worsened body image issues for teenage girls, among other revelations.

For many social media users, the timing was too much of a coincidence to ignore.

One Twitter account belonging to a music and audio equipment business posted a screenshot of apparently random DNS addresses, speculating that “from the looks of it….that means Facebook is GONE,” attracting a flurry of engagement.

Another tweet originating from what appears to be a small technology startup also seized on Twitter conversation, as first noticed by Aric Toler, a Bellingcat researcher. The company claimed that a database of more than 1.5 billion Facebook profiles was for sale on a dark web forum, aiming to connect the listing to the larger downtime.

The post was based on a weeks-old listing on a cybercrime marketplace where the original seller promises only surface-level profile information such as users’ email addresses, gender, location and phone numbers. The data is scraped from Facebook, meaning someone used an automated scan to gather public information, rather than gathering information via an unauthorized intrusion.


Facebook whistleblower Haugen planned to address the outage during congressional testimony on Tuesday.

“I don’t know why it went down, but I know that for more than five hours Facebook wasn’t used to deepen divides, destabilize democracies and make young girls and women feel bad about their bodies,” Haugen planned to say, according to prepared remarks.

“It also means that millions of small businesses weren’t able to reach potential customers and countless photos of new babies weren’t joyously celebrated by family and friends around the world … We can have social media we enjoy, that connects us, without tearing apart our democracy, putting our children in danger and sowing ethnic violence across the world,” she said.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts