Mastodon Hit by Major DDoS Attack: Service Disruptions and Recovery Efforts

Mastodon is recovering from a major Distributed Denial of Service (DDoS) attack that disrupted its primary mastodon.social instance early Monday morning. The attack rendered much of the Mastodon-operated server inaccessible, prompting immediate response efforts.

Andy Piper, Mastodon’s head of communications, described the incident as a "major" attack. A few hours after the disruption began, Mastodon updated its status page to announce the implementation of countermeasures. Users were advised that access to mastodon.social should gradually return, though Piper cautioned that "some ongoing instability is a possibility" as the platform recovered.

It remains unclear whether additional Mastodon instances were targeted. The mastodon.social server, operated directly by the nonprofit behind Mastodon, is the largest server on the federated platform.

Recent DDoS Attacks on Decentralized Platforms

This incident marks the second time in recent days that a decentralized social platform has faced a DDoS attack. Last week, Bluesky also experienced a significant disruption after a DDoS incident took parts of its service offline for several hours.

Bluesky initially posted a final update on Monday morning, stating that its service had "remained stable" and that there was "no evidence of unauthorized access to private user data." However, further issues emerged later in the day. The platform’s official status page went down, and a post from its server status account reported "elevated errors and timeouts on some Bluesky-hosted services." Bluesky confirmed it was investigating the cause of the renewed disruptions.