A service disruption at Bluesky last week exposed the growing challenges faced by fast-expanding social media platforms, after the company confirmed that a “sophisticated” distributed denial-of-service (DDoS) incident was behind widespread outages. The Bluesky cyberattack began late on April 15, 2026, and quickly escalated, interrupting core functions across the app and leaving users unable to reliably access feeds, notifications, threads, and search.
The incident occured at a time when Bluesky has been experiencing rapid user growth, making it a more visible target for large-scale attacks. While disruptions of this nature often raise concerns about potential data breaches or unauthorized access, the company repeatedly stated that the attack was limited to service availability.
Throughout the outage, Bluesky issued a series of public updates to keep users informed about the platform’s status and the steps being taken to mitigate the attack.
Bluesky Cyberattack Disrupts Core Platform Functions
The disruption began at approximately 11:40 PM PDT on April 15, when Bluesky received initial reports of intermittent outages. Engineers responded immediately, working overnight to contain what was later described as a “sophisticated” DDoS attack. As the attack intensified over the next several hours, it began to impact the platform’s functionality.
In an early update, Bluesky stated:
“We are experiencing some service interruptions, and our team is working on the issue. You can find the latest updates at status.bsky.app or follow @status.bsky.app.”
As more users reported issues, the company clarified the extent of the disruption:
“The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.”
DDoS attacks function by overwhelming servers with massive volumes of traffic, effectively preventing legitimate users from accessing services. In this case, the cyberattack on Bluesky followed that pattern, focusing on disrupting availability rather than infiltrating systems or extracting sensitive data.
Platform Stabilizes While Attack Continues
By around 9 PM PDT on April 16, Bluesky reported that the platform had stabilized despite the continued presence of DDoS traffic. The company noted:
“The application has remained stable since approximately 9 PM PDT, April 16 despite ongoing Distributed Denial-of-Service (DDoS) attacks. We have not seen any evidence of unauthorized access to private user data.”
This message was reiterated in subsequent updates, reinforcing the company’s position that user data remained secure. In its final communication on the incident, Bluesky stated:
“The application has remained stable since the evening of April 16 and we have seen no evidence of unauthorized access to private user data. Given the ongoing stability, this will be our final update.”
Attribution Remains Unclear as Platform Continues to Grow
The company has not officially attributed the attack to any specific group or actor. However, a group identifying itself as “313 Team,” reportedly claimed responsibility through a Telegram message, stating that it had carried out a “massive cyberattack” targeting Bluesky’s application programming interface (API).
The incident comes amid a period of significant growth for the platform. Since its inception, Bluesky has expanded to approximately 43.7 million users, driven in part by users migrating from X following political developments in the United States.
