Full Report
Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions. [...]
Analysis Summary
# Incident Report: Widespread Cloud Service Outage Affecting Google Cloud and Cloudflare
## Executive Summary
A widespread service outage impacted major cloud providers, specifically Google Cloud Platform (GCP) and Cloudflare, leading to significant connection and hosting problems for numerous dependent online services. The root cause was not explicitly detailed as a malicious attack but rather as a major service-level incident affecting core infrastructure components. The response involved active investigation by engineering teams across both providers, leading to service restoration.
## Incident Details
- Discovery Date: Thursday, June 12, 2025 (Beginning around 10:51 PDT)
- Incident Date: Thursday, June 12, 2025
- Affected Organization: Google Cloud Platform (GCP) and Cloudflare
- Sector: Technology / Cloud Infrastructure
- Geography: Global (Impact observed via Downdetector reports)
## Timeline of Events
### Initial Access
- Date/Time: Thursday, 2025-06-12 10:51 PDT (Start time for GCP reports)
- Vector: Internal service degradation/failure (The article implies a failure rather than an external attack vector).
- Details: Service issues began affecting multiple GCP products and numerous Cloudflare components simultaneously.
### Lateral Movement
N/A - This appears to be an infrastructure failure impacting availability, not a traditional compromise involving lateral movement.
### Data Exfiltration/Impact
- Impact: Widespread service disruption. Affected users reported problems connecting to websites, hosting services, and accessing platforms reliant on GCP or Cloudflare.
- Affected Services (GCP): Bigtable, Console, Dataproc, Storage, Cloud Data Fusion, Cloud Memorystore, Cloud Shell, Cloud Workstations, Identity Platform, Vertex AI Search, and IAM.
- Affected Services (Cloudflare): Specific services listed include Durable Objects (SQLite-backed), Workers KV, Realtime, Workers AI, Stream, Waiting Room, AI Gateway, AutoRAG, and parts of the Cloudflare dashboard.
### Detection & Response
- Detection: Detected via user reports escalating rapidly on outage monitoring services like Downdetector (tens of thousands of reports).
- Response Actions: Both Google Cloud and Cloudflare engineering teams actively investigated the issues and worked towards mitigation and restoration.
## Attack Methodology
*Note: As this report describes a service outage, not a conventional cyber attack, the methodology section reflects the nature of the disruption.*
- Initial Access: Internal infrastructure failure/degradation.
- Persistence: N/A
- Privilege Escalation: N/A
- Defense Evasion: N/A
- Credential Access: N/A
- Discovery: N/A
- Lateral Movement: N/A
- Collection: N/A
- Exfiltration: N/A
- Impact: Denial of Service (Availability loss) across relied-upon cloud services.
## Impact Assessment
- Financial: Undisclosed, but significant due to the widespread nature affecting major platforms (Spotify, Discord, AWS, Snapchat, NPM were also reported having issues concurrently, suggesting secondary or cascading effects).
- Data Breach: No evidence of data breach mentioned; the incident focused on service availability.
- Operational: Severe operational disruption for customers using the listed GCP and Cloudflare services.
- Reputational: Negative impact on the reliability perceived for both major cloud providers.
## Indicators of Compromise
This incident was an availability issue, not a confirmed intrusion. No malicious IoCs were reported.
## Response Actions
- Containment measures: Engineering investigation initiated by GCP and Cloudflare teams.
- Eradication steps: N/A (Focus was likely on root cause mitigation and service restart/stabilization).
- Recovery actions: Service restoration efforts underway by engineering teams.
## Lessons Learned
- Dependency Risk: The incident highlights the extreme operational risk organizations face when they are heavily reliant on a limited number of major cloud infrastructure providers.
- Incident Transparency: Both providers needed to actively communicate status updates (GCP published an incident report).
## Recommendations
- **Redundancy & Multi-Cloud Strategy:** Organizations utilizing critical services should implement robust resiliency planning, potentially involving multi-region or multi-cloud failover strategies for mission-critical functions.
- **Service Monitoring:** Enhance monitoring specifically for connectivity and latency related to integrated services like Workers KV or specific GCP APIs to detect degradation before widespread failure impacts users.