Bluesky, an increasingly popular alternative to Twitter, has returned to normal operations following a significant disruption stemming from a multi-day outage. The issue began on April 15, 2026, around 11:40 PM PDT, when users experienced halted feed updates. By daybreak, functionality deteriorated further, with users unable to receive notifications, search content, or access threads on the platform.
In an official announcement, Bluesky attributed the service interruptions to a Distributed Denial-of-Service (DDoS) attack. This type of cyber assault involves overwhelming the site’s Application Programming Interface (API) with excessive traffic, effectively disrupting communication between users’ devices and the platform’s servers. As a result, millions were left without access to the site.
Throughout the outage, Bluesky maintained a low-profile communication strategy, updating users on X.com with a message indicating they were addressing service interruptions. Their immediate efforts were focused on stabilizing the platform in light of the attack, which they characterized as sophisticated and escalating.
Identifying the Attackers
While Bluesky refrained from speculating about the identity of the attackers, a group known as the 313 Team, also referred to as the Islamic Cyber Resistance based in Iraq, claimed responsibility via channels on Telegram. This group has a history of targeting online platforms perceived to support U.S. or Israeli interests.
Notably, the 313 Team has links to Iran and has focused its operations on various platforms, including a subsequent attack on mastodon.social on April 20, 2026. However, due to its decentralized server architecture, Mastodon was less affected than Bluesky was during the initial attack.
This group has shown an inclination toward disrupting services for publicity rather than data theft, contrasting with other attacker factions that prioritize data exfiltration. Over the past month, the 313 Team also targeted government websites in Bahrain and has been known to boast about their exploits across social media.
Implications for Data Security
The DDoS attack raises essential concerns regarding the security of personal information among Bluesky’s user base, which exceeds 43.7 million. However, DDoS attacks typically aim to incapacitate service rather than infiltrate systems, alleviating fears regarding personal data breaches. Bluesky confirmed on April 18 that there was “no evidence of unauthorized access to private user data,” reinforcing user assurances.
By April 20, Bluesky announced that the application had stabilized, marking the conclusion of the service disruption. Despite ongoing attacks, the platform’s cybersecurity team managed to contain the influx of malicious traffic, restoring normal operations and indicating that the immediate threat had subsided.