Mastodon's primary server, mastodon.social, faced a DDoS attack Monday that temporarily disrupted access for users. The incident, described by communications head Andy Piper as a "major" event, caused instability early Monday before countermeasures restored partial functionality. Piper acknowledged "some ongoing instability is a possibility" as the nonprofit platform recovered. The attack targeted the largest server in Mastodon's federated network, leaving smaller instances potentially unaffected.

The targeting of Mastodon follows a pattern of assaults on decentralized platforms. Just days prior, Bluesky experienced a similar DDoS incident that knocked parts of its service offline for hours. While Bluesky reported no data breaches, its status page later showed "elevated errors and timeouts" on Monday, suggesting lingering vulnerabilities. Both platforms operate without centralized servers, making them uniquely susceptible to such attacks. Mastodon's nonprofit model and open-source nature may amplify its appeal as a target for adversaries seeking to disrupt decentralized ecosystems.

The attacks highlight growing risks for federated social networks. Unlike traditional platforms, Mastodon and Bluesky lack centralized infrastructure to absorb volumetric assaults. Users on these platforms face heightened uncertainty about service reliability, even as operators work to mitigate threats. Mastodon's experience underscores the need for robust DDoS defenses in decentralized systems, where outages affect all users simultaneously. The nonprofit's resilience during recovery offers a case study in managing cyberattacks without centralized control.