![Apple Releases iOS 18.4 RC 2 and iPadOS 18.4 RC 2 to Developers [Download]](https://www.iclarified.com/images/news/96860/96860/96860-640.jpg)
![Amazon Drops Renewed iPhone 15 Pro Max to $762 [Big Spring Deal]](https://www.iclarified.com/images/news/96858/96858/96858-640.jpg)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
![[FREE EBOOKS] The Ultimate Linux Shell Scripting Guide, Artificial Intelligence for Cybersecurity & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Mini Review: Rendering Ranger: R2 [Rewind] (Switch) - A Novel Run 'N' Gun/Shooter Hybrid That's Finally Affordable](https://images.nintendolife.com/0e9d68643dde0/large.jpg?#)
.jpg?#)
.png?#)
Cloudflare Attributes Recent Service Outage to Password Rotation Error
A credential rotation error led to widespread service disruptions across multiple Cloudflare products on March 21, 2025, affecting customers globally for over an hour. The company disclosed that 100% of write operations and approximately 35% of read operations to their R2 object storage service failed during the incident window that lasted 1 hour and 7 […] The post Cloudflare Attributes Recent Service Outage to Password Rotation Error appeared first on Cyber Security News.
A credential rotation error led to widespread service disruptions across multiple Cloudflare products on March 21, 2025, affecting customers globally for over an hour.
The company disclosed that 100% of write operations and approximately 35% of read operations to their R2 object storage service failed during the incident window that lasted 1 hour and 7 minutes.
During a routine security rotation, engineers unintentionally deployed new authentication credentials to a development environment rather than production, causing the outage.
When the old credentials were subsequently deleted from their storage infrastructure, the production R2 Gateway service—which serves as the API frontend—lost authentication access to backend systems.
Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks
“This incident happened because of human error and lasted longer than it should have because we didn’t have proper visibility into which credentials were being used by the Gateway Worker to authenticate with our storage infrastructure,” Cloudflare explained in their incident report.
Cloudflare Service Disruption
The technical error stemmed from the omission of a critical command-line parameter.
Engineers executing the wrangler secret put and wrangler deploy commands failed to include the –env production flag, causing credentials to be deployed to a non-production Worker instead of the intended production environment.
When the previous credentials were removed, authentication failures cascaded across services.
Beyond R2 object storage, the outage impacted numerous dependent services. Cache Reserve customers experienced increased origin traffic as cached objects became unavailable.
Images and Stream services saw 100% failure rates for uploads, with delivery rates dropping to approximately 25% and 94%, respectively.
Vectorize, Cloudflare’s vector database, experienced 75% query failure rates and complete failure for insert operations.
The ripple effects extended to Email Security, Billing, Key Transparency Auditor, and Log Delivery services, with the latter experiencing up to 70-minute delays in processing.
Cloudflare’s engineering team identified the root cause at 22:36 UTC—nearly an hour after the impact began and restored service by deploying credentials to the correct production Worker at 22:45 UTC.
Ongoing Improvements
To prevent recurrence, Cloudflare has implemented several technical and procedural changes, including:
- Enhanced logging that explicitly identifies credential IDs used for authentication
- Procedural requirements to verify credential usage before decommissioning old credentials
- Mandatory use of automated hotfix release tooling rather than manual command entry
- Explicit requirement for dual-human validation during credential rotation processes
- Development of closed-loop health checks to validate credential propagation before releases
This incident follows another hour-long Cloudflare outage in February when an employee mistakenly disabled the entire R2 Gateway service while attempting to block a phishing URL.
Security researchers reporting the February event pointed out that the outage was caused by a lack of controls and validation checks for high-impact operations.
The recurring nature of configuration-related outages underscores the industry-wide challenge of managing complex cloud infrastructure while maintaining rigorous security practices like credential rotation.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Cloudflare Attributes Recent Service Outage to Password Rotation Error appeared first on Cyber Security News.
