If you spent part of this afternoon staring at a spinning loader or an app that just wouldn’t connect, it wasn’t your router or your ISP.
At 13:35 UTC, Cloudflare engineers started flagging elevated error rates and latency across multiple services. About an hour later, at 14:37 UTC, they had a cause: a fiber cut in Eastern North America. As of 14:48 UTC, they were still working on it. No fix posted yet.
What went down
The Downdetector graphs are the best way to see what actually happened. In the same narrow window, X (Twitter), Zoom, Microsoft Teams, Reddit, Amazon Web Services, Square, Canva and any service that relied on Cloudflare in some way or the other, all went down. When you see that pattern, it’s not twelve separate individual issues. It’s one broken upstream that all of them share.
The confusing part for most users is that it didn’t look like “the internet is down.” It looked like each app was individually broken. Logins that hung. Pages that half-loaded. API calls that went nowhere. None of the error screens mentioned Cloudflare. They just looked like Zoom was struggling, or like Discord’s servers were having a moment. That’s the thing about infrastructure failures at this layer, when it breaks, it shows up everywhere except where it started.
Why Cloudflare going down hits this many things at once
Cloudflare isn’t one product. It’s a network layer that sits in front of a huge portion of the web, quietly handling traffic that most people never think about. CDN caching, so assets don’t have to load from origin servers every time. DNS resolution. DDoS filtering. Zero-trust proxies for remote workers. Any of those degrading hit’s different services differently – broken CDN means assets time out, broken DNS means domains stop resolving, degraded proxies mean authenticated sessions drop. From the user’s side it all looks the same: the app doesn’t work.
Cloudflare handles somewhere around 25% of all internet traffic, possibly more depending on how you count. When that much traffic runs through one provider, the fallout from even a partial outage isn’t proportional to what actually broke, it’s proportional to how many things quietly depend on it.
AT&T and Google showing up is worth noting
Both companies run large, independent networks. AT&T is a carrier. Google has one of the biggest private backbone networks anywhere. The fact that both spiked on Downdetector in the same window suggests the fiber cut may have hit upstream transit paths that multiple operators share for routing traffic between North America and Europe, not just infrastructure that Cloudflare specifically owns.
If that’s right, this isn’t purely a Cloudflare story. It’s a severed physical route that several major networks depend on, and Cloudflare is just the biggest one that’s hit because so much global traffic runs through it.
How fiber cuts happen
First uup, fiber cuts are not at all rare. Construction crews hitting a conduit. Ships dragging anchors across submarine cable routes. Weather, vehicles, animals – all can lead to fiber cut on a pretty regular basis. What makes today’s one feel bigger than it should is the concentration of traffic that now runs through a relatively small number of providers and routes. A cut in a busy transit corridor in 2026 lands differently than the same cut would have in 2000, when traffic was more spread out and fewer services shared the same upstream paths.
Eastern North America is one of the densest transit corridors there is. Rerouting the volume that normally flows through it isn’t a quick failover.
What to watch for
Cloudflare will almost certainly publish a post-incident report. The things worth reading when it comes out. How long the actual gap was between the cut and traffic starting to move around it, whether Europe kept seeing elevated latency after North America recovered, and what the capacity picture looked like on the rerouted paths during the mitigation window.
Services were still degraded more than an hour after Cloudflare’s initial investigation update. Still ongoing. For live updates, check out cloudflarestatus.com
This post first appeared at - The CyberSec Guru