Bluesky, the decentralized social media platform, fully restored its network operations on April 21, 2026, following a sophisticated Distributed Denial of Service (DDoS) attack that resulted in a 24-hour service disruption. The outage, which reached its peak intensity during the early hours of April 21, affected the platform’s core functionalities for its estimated 43.7 million users. While the underlying data remained secure, the attack effectively severed the connection between users and the platform’s indexing services, rendering feeds, notifications, and search functions inaccessible across both mobile and web interfaces.
Technical post-mortems provided by the Bluesky engineering team indicated that the assault reached a peak traffic volume of 1 terabit per second (Tbps). The attackers utilized a combination of high-volume API requests and DNS amplification to overwhelm the platform’s relay infrastructure. This surge led to a cascade of technical failures, most notably ephemeral port exhaustion, where the network infrastructure ran out of available connections to process legitimate user traffic. Users attempting to access the service reported persistent Error 503 Service Unavailable messages and Rate Limit Exceeded warnings, even when their individual usage was minimal.
Responsibility for the disruption was claimed by a pro-Iran hacker group known as 313 Team, also referred to as the Islamic Cyber Resistance in Iraq. In a statement released via their Telegram channel on April 21, the group characterized the operation as a massive cyberattack targeting Bluesky’s API. Security researchers have previously linked 313 Team to retaliatory cyber operations aligned with regional geopolitical interests. The group specifically highlighted the platform's content moderation policies as a primary motive for the assault, though Bluesky has not officially commented on the attribution.
The impact of the outage was felt globally, with third-party monitoring services recording over 60,000 incident reports at the height of the disruption. Although Bluesky is built on the decentralized AT Protocol, the centralized relay and AppView components operated by Bluesky PBC became a bottleneck under the sustained volumetric pressure. The company confirmed that while the Following and Discover feeds were offline, individual Personal Data Servers (PDS) remained operational, though they could not broadcast new posts to the wider network until the relay services were stabilized.
In an official statement issued late on April 21, Bluesky confirmed that its engineers had successfully implemented enhanced rate-limiting and Anycast routing adjustments to neutralize the remaining attack traffic. The company emphasized that there was no evidence of unauthorized access to private user data or any compromise of account security. To bolster future resilience, Bluesky announced plans to further distribute its indexing load across a broader array of independent relay operators, aiming to eliminate the single points of failure exploited during this 24-hour event.