Summary: A mishandling of an abuse report led to a significant outage in Cloudflareβs R2 object storage platform, which caused service interruptions across multiple services for nearly an hour. The incident was attributed to human error and inadequate safeguards against disabling critical services. Immediate corrective measures have been implemented, along with plans for further enhancements to prevent future occurrences.
Affected: Cloudflare R2 Object Storage and multiple interdependent services
Keypoints :
- An abuse report response mistakenly disabled the entire R2 Gateway service, rather than the intended phishing URL.
- Services impacted included Stream, Images, Cache Reserve, Vectorize, Log Delivery, and Key Transparency Auditor, with varying degrees of failure.
- Immediate fixes and future plans include restrictions on service disablement, improved access controls, and a two-party approval process for high-risk changes.