The social media platform Bluesky has confirmed that a sophisticated Distributed Denial-of-Service (DDoS) attack is responsible for the ongoing service interruptions affecting its website and app since Monday, April 15. The company's chief operating officer, Rose Wang, stated that the attack is continuing to impact operations, causing intermittent failures for users attempting to access feeds, notifications, and search functions.

Bluesky's protocol engineer, Bryan Newbold, remarked on the severity of the situation early Wednesday, stating, "oof, our services are getting pretty hard tonight." The company has assured users that there is no evidence of unauthorized access to private data, but the attack has caused significant disruption, with the platform's own status page also being affected.

Intermittent Access and User Impact

Because the outages are intermittent, the Bluesky site and app will load slowly at times, while at other times displaying error messages. Users attempting to switch to popular feeds like 'Discover' or the official Bluesky Team feed often encounter a message stating, "This feed is currently receiving high traffic and is temporarily unavailable. Please try again later. Message from server: Rate Limit Exceeded."

Other functions, such as visiting a user's profile, can also fail, forcing repeated refresh attempts. The company first received reports of the intermittent outages at approximately 11:40 p.m. PDT on April 15, with its team working through the night to mitigate the attack, which intensified throughout the following day.

Attack Details and Broader Protocol Stability

A Distributed Denial-of-Service attack involves overwhelming a website or application with junk web traffic to overload its servers and knock them offline. While these attacks do not typically involve system intrusions, they are highly disruptive to both the company and its user base.

Notably, while Bluesky's central services are impacted, other independent communities running their own infrastructure on the underlying AT Protocol that powers the decentralized social network appear to be functioning normally for the time being. This highlights the distributed nature of the network's architecture.

Ongoing Response and Communication

When initially contacted for comment on Thursday, Bluesky directed inquiries to its status page and the @status.bsky.app account for updates, without providing an estimated time for a full resolution. The strain on the team was evident this week, with one message on the status page containing a typo referencing an incident in one of its "reginos [sic]".

The company has committed to providing another update on the status of the attack and its mitigation efforts by 1 p.m. ET on Friday, April 19. The ongoing situation leaves users with unstable access as Bluesky continues its defensive measures against the cyberattack.