Cybersecurity Threat Update 0067-21: Regarding the Recent Facebook BGP/DNS Outage

Threat Update

On October 4, 2021, the global social network Facebook and its associated platforms faced a global outage that lasted approximately six hours. This outage not only impacted all Facebook users, but it also blocked internal communication between Facebook employees and made it difficult to resolve the incident. Although misinformation on social media theorized that the social media corporation had been compromised, Facebook has confirmed that a Border Gateway Protocol (BGP) update caused the massive service interruption.

Technical Detail & Additional Information

WHAT HAPPENED?

All websites rely on the Border Gateway Protocol (BGP) to make their networks visible to the rest of the internet, and on an Autonomous System Number (ASN) to help them reach specific IP address groups so that users can access the website.

In this incident, a BGP update changed Facebook’s internal configurations, and the social network was no longer transmitting the prompt codes necessary for users to access the website. These changes prevented Facebook’s DNS from resolving domain names and caused an outage for all users. Although other Facebook IP addresses were still accessible, they needed Facebook’s DNS to function, so these services were also effectively offline.
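
The failure mode described above can be watched for from the routing side. The following Python example is added here for illustration and is not from the original update or from Facebook: it replays a simplified BGP update feed and reports the moment no announced prefix covers a domain's name servers, along with hosts that still have a route but can no longer be found by name. The host names, prefixes (documentation ranges) and the feed layout are constructed assumptions.

```python
import ipaddress
from itertools import groupby

# Constructed sample data: documentation address ranges, not real Facebook values.
NAMESERVERS = {"a.ns.example.net": "192.0.2.53", "b.ns.example.net": "198.51.100.53"}
WEB_SERVERS = {"www.example.net": "203.0.113.10"}
# Constructed, simplified BGP update feed: (timestamp, action, prefix).
UPDATES = [
    (100, "announce", "192.0.2.0/24"),
    (100, "announce", "198.51.100.0/24"),
    (100, "announce", "203.0.113.0/24"),
    (200, "withdraw", "192.0.2.0/24"),
    (205, "withdraw", "198.51.100.0/24"),
]


def routed(hosts, routes):
    """Return the sorted host names whose address is covered by an announced prefix."""
    return sorted(
        name for name, ip in hosts.items()
        if any(ipaddress.ip_address(ip) in net for net in routes)
    )


def replay(updates, nameservers, web_servers):
    """Replay the feed and report each change in name-server reachability."""
    routes, state, events = set(), None, []
    for ts, batch in groupby(sorted(updates, key=lambda u: u[0]), key=lambda u: u[0]):
        for _, action, prefix in batch:
            net = ipaddress.ip_network(prefix)
            if action == "announce":
                routes.add(net)
            elif action == "withdraw":
                routes.discard(net)
            else:
                raise ValueError(f"unknown action: {action!r}")
        live_ns = routed(nameservers, routes)
        if len(live_ns) == len(nameservers):
            new_state = "ok"
        elif live_ns:
            new_state = "degraded"
        else:
            new_state = "dns_dark"
        if new_state != state:
            # Hosts that still have a route but can no longer be found by name.
            stranded = routed(web_servers, routes) if new_state == "dns_dark" else []
            events.append((ts, new_state, stranded))
            state = new_state
    return events
```

Calling `replay(UPDATES, NAMESERVERS, WEB_SERVERS)` returns one event per state change; an alert on `degraded` gives operators warning before the last name-server prefix is withdrawn.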

Because websites as large as Facebook and Instagram have DNS resolvers that handle up to 30 times more queries than usual, this caused a cascading disruption to network traffic and on how Facebook’s data centers around the world. Facebook employees struggled to access company buildings and conference rooms during the outage, and the company had to dispatch engineers to the data center to resolve their network issues.

At the time of publication, Facebook’s services are back up and running, and there is no security risk for any Facebook users.

If you have any questions, please contact our Security Operations Center.