Experts have warned of the perils of relying on a small number of companies for operating the global internet after a glitch at Amazon’s cloud computing service brought down apps and websites around the world.
The affected platforms included Snapchat, Roblox, Signal and Duolingo as well as a host of Amazon-owned operations including its main retail site and the Ring doorbell company.
More than 2,000 companies worldwide have been affected, according to Downdetector, a site that monitors internet outages, with 8.1m reports of problems from users including 1.9m reports in the US, 1m in the UK and 418,000 in Australia.
In the UK, Lloyds bank was affected, as well as its subsidiaries Halifax and Bank of Scotland, while there were also problems accessing the HM Revenue and Customs website on Monday morning. Also in the UK, Ring users complained on social media that their doorbells were not working.
In the UK alone, reports of problems on individual apps ran into the tens of thousands for each platform. Other affected platforms around the world included Wordle, Coinbase, Duolingo, Slack, Pokémon Go, Epic Games, PlayStation Network and Peloton.
By 10.30am UK time, Amazon was reporting that the problem, which first emerged at about 8am, was being resolved as AWS was “seeing significant signs of recovery”.
However, after reporting further positive progress by late morning in the UK, Amazon still appeared to be struggling to overcome the glitch this afternoon as it acknowledged it was still experiencing elevated errors.
“We can confirm significant API errors and connectivity issues across multiple services … We are investigating,” AWS said in an update around 7am Pacific time and 3pm UK time.
To aid the recovery, AWS said it was putting in place limits on the number of requests that could be made on its platform.
Experts said the outage underlined the dangers of the internet’s reliance on a small number of tech companies, with Amazon, Microsoft and Google playing a key role in the cloud market.
Dr Corinne Cath-Speth, the head of digital at human rights organisation Article 19, said: “We urgently need diversification in cloud computing. The infrastructure underpinning democratic discourse, independent journalism and secure communications cannot be dependent on a handful of companies.”
Cori Crider, the executive director of the Future of Technology Institute, a thinktank that supports a sovereign technology framework for Europe, said: “The UK can’t keep leaving its critical infrastructure at the mercy of US tech giants. With Amazon Web Services down, we’ve seen the lights go out across the modern economy – from banking to communications.”
Madeline Carr, professor of global politics and cybersecurity at University College London, said it was “hard to disagree” with warnings about the over-reliance of the global internet on a small number of companies.
“The counter-argument is that it’s these large hyper-scaling companies that have the financial resources to provide a secure, global and resilient service. But most people outside those companies would argue that is a risky position for the world to be in.”
Last year, airports, healthcare services and businesses worldwide were hit by the “largest outage in history”, caused by a botched software upgrade from cybersecurity company CrowdStrike that hit Microsoft’s Windows operating system.
Amazon reported that the problem on Monday originated in the east coast of the US at Amazon Web Services, a unit that provides vital web infrastructure for a host of companies, which rent out space on Amazon servers. AWS is the world’s largest cloud computing platform.
Shortly after midnight (PDT) in the US (8am BST) on Monday, Amazon confirmed “increased error rates and latencies” for AWS services in a region on the east coast of the US. The ripple effect hit services around the world, with Downdetector reporting problems with the same sites in multiple continents.
Cisco’s Thousand Eyes, a service that tracks internet outages, also reported a surge in problems on Monday morning, with many of them located in Virginia, the location of Amazon’s US-East-1 region, where AWS said the problems began and where AWS has a number of datacentres.
Experts said the outage appeared to be an IT issue rather than a cyber-attack. AWS’s online health dashboard referred to DynamoDB, its database system where AWS customers store their data. Amazon appeared to rule out foul play, saying the root cause was an internal subsystem responsible for monitoring its load balancers, which prevent traffic from overloading its servers.
“The incident appears to have been caused by some accident within AWS, rather than being the result of any malicious intent,” said Steven Murdoch, a professor of security engineering at University College London.
The UK government has said it is in contact with Amazon over the outage.
A spokesperson said: “We are aware of an incident affecting Amazon Web Services, and several online services which rely on their infrastructure. Through our established incident response arrangements, we are in contact with the company, who are working to restore services as quickly as possible.”
The House of Commons’ treasury committee in the UK has written to the economic secretary to the Treasury, Lucy Rigby, to ask why the government had not yet designated Amazon a “critical third party” to the UK’s financial services sector – which would expose the tech firm to financial regulatory oversight.
The committee chair, Meg Hillier, pointed out that Amazon had recently told the committee that financial services customers were using AWS to support their “resilience” and that AWS offered “multiple layers of protection”.
