The Cloudflare outage came less than one month after another widespread outage caused by AWS, which has payment industry leaders questioning how they can future proof their systems before these down periods take place.
Yesterday (November 18) saw several high-profile websites and apps go down for extensive amounts of times due to a failure within Cloudflare’s infrastructure.
Apps such as X and ChatGPT were unavailable for several hours, but the Cloudflare outage also affected the financial industry as crypto exchanges such as Coinbase and Kraken suffered interruptions, as well as credit agency Moody’s and online broker xTrade.
This mirrors a similar outage which occurred in October when Amazon Web Services (AWS) went down, causing banking apps like Lloyd’s, Halifax and financial apps such as Robinhood to suffer short outages.
“On 18 November 2025 at 11:20 UTC, Cloudflare’s network began experiencing significant failures to deliver core network traffic,” said Cloudflare in a blog post statement. “This showed up to Internet users trying to access our customers’ sites as an error page indicating a failure within Cloudflare’s network.”
In the statement issued yesterday, Cloudflare revealed the outage was the result of a change to one of its database systems’ permissions, causing its database to output multiple entries into a “feature file” doubling in size largely used by many of its partnering networks.
“After we initially wrongly suspected the symptoms we were seeing were caused by a hyper-scale DDoS attack, we correctly identified the core issue and were able to stop the propagation of the larger-than-expected feature file and replace it with an earlier version of the file.”
Cloudflare confirmed core traffic was “largely flowing as normal” by 14:30 UTC and worked over the next several hours to mitigate increased loads on various parts of its network as traffic resumed as normal. All Cloudflare network systems functioned back to normal by 17:06 UTC.
“We are sorry for the impact to our customers and to the Internet in general. Given Cloudflare’s importance in the Internet ecosystem any outage of any of our systems is unacceptable. That there was a period of time where our network was not able to route traffic is deeply painful to every member of our team. We know we let you down today.”
Payments industry reaction
Despite many banking and payments apps primarily running on AWS’ network, evident in the outage last month, Square was one of the largest financial institutions to be affected by the Cloudflare outage.
According to Downdetector, reports from Square customers rose from six at 12:06pm UTC, to as high as 19 at 2:04pm UTC.
Square, a subsidiary of Block which also owns Cash App, will have caused disturbance to customers attempting to perform a payment during a down period, which can have profound effects on customer loyalty.
With two-profile internet outages in the past two months, this continues to raise alarm bells on alternatives companies from within the financial services industry can come up with to mitigate these down periods.
Fadl Mantash, Chief Information Security Officer, Tribe Payments, believes the latest outage highlights “how vulnerable the digital economy has become” and why the payments industry needs to instill a ‘prepper’ mindset.
“When a single upstream provider experiences issues, the impact doesn’t stay contained; it cascades across industries, touching everything from social media platforms to e-commerce checkouts and backend payment services,” said Mantash.
“This is exactly why resilience can’t start at the moment of crisis. The payments industry needs to adopt the ‘prepper’ mindset – building modular systems that isolate faults, rehearsing failure scenarios, and ensuring teams know precisely how to respond when something goes down. This also reflects the importance of adhering to robust frameworks in our day-to-day activities.
“As a highly regulated industry, the many compliance frameworks provide critical guarantees that cover not just security, but also resilience against incidents.”
Hybrid cloud networks to future proof systems?
For Martin Nilsson, Chief Product Officer at ITRS, the Cloudflare outage shows a lack of willingness from not just financial service companies, but all companies reliant on an interconnected network, to think beyond potential risks before the outage takes place.
Nilsson told Payment Expert these companies need to adopt third-party hybrid-cloud networks as a back up plan in the event of such internet outages.
“Following the AWS outage just a few weeks ago, this latest incident shows that online services are far more vulnerable to IT disruption than we might think,” said Nilsson.
“Today’s IT systems are deeply interconnected: an issue with one infrastructure provider can have ripple effects across the entire ecosystem, bringing critical services to a standstill. This is especially important under new regulations such as DORA, which mandates businesses to take responsibility for third-party ICT risk as well as their own.
“The truth is that most organisations only discover their blind spots during an outage, and having full visibility across hybrid-cloud environments is now absolutely vital.”