Published Date: 2019-03-13
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident happened in October 2021 [Article 82568]. 2. The incident occurred on October 4, 2021. |
| System | 1. Facebook's network of servers [81944] 2. Facebook's core servers [119613] 3. Facebook's back-end infrastructure [119618] 4. Facebook's program audit tool [119760] |
| Responsible Organization | 1. A Facebook staff member who accidentally deleted large sections of the code [Article 119613] 2. Facebook's program audit tool that had a bug and failed to stop the command that caused the outage [Article 119760] |
| Impacted Organization | 1. Facebook 2. Instagram 3. WhatsApp 4. Facebook Messenger 5. Oculus 6. Meta's servers 7. Meta's back-end systems 8. Meta's platforms 9. Meta's infrastructure 10. Meta's internal tools 11. Meta's employees' access to tools 12. Meta's employees' work passes 13. Meta's internal email 14. Meta's advertising revenue 15. Meta's data centres 16. Meta's network traffic 17. Meta's data centres' communication 18. Meta's data centres' network traffic coordination 19. Meta's data centres' backbone routers 20. Meta's data centres' configuration changes 21. Meta's data centres' internet access [CNN, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC, BBC] |
| Software Causes | 1. A faulty update that was sent to Facebook's core servers, effectively disconnecting them from the internet [119613] 2. A bug in Facebook's program audit tool that failed to stop a command causing the outage [119760] 3. Human error, potentially due to lower staffing in data centers [119618, 119759, 119782, 120777] |
| Non-software Causes | 1. The outage at Facebook was caused by a 'database overload' on its network of servers, potentially due to internal complications and changes in infrastructure [81944]. 2. The outage was exacerbated by lower staffing in data centers due to pandemic measures, making it difficult for engineers to physically access the data centers to resolve the issue [119613, 119618]. 3. The outage was also prolonged due to a bug in Facebook's program audit tool that failed to stop the command causing the outage, leading to further disruptions within the company [119760]. 4. The outage may have been an operational issue caused by human error, as running a large distributed system like Facebook's is challenging, even for the best in the field [119782]. 5. The outage was part of a spate of recent outages in big tech firms, highlighting the risks of massive centralization and the critical dependency on a single company for infrastructure services [120777]. |
| Impacts | 1. The software failure incident caused a massive global outage affecting Facebook, Instagram, WhatsApp, and Facebook Messenger for almost seven hours, disrupting network traffic and blocking communication between data centers [Article 119613]. 2. The outage led to 10.6 million problem reports worldwide, making it the biggest failure reported by Downdetector [Article 119613]. 3. The failure resulted in employees losing access to internal tools, including email and work passes, causing disruption to their work [Article 119760]. 4. The outage had a knock-on effect on individuals and businesses globally, highlighting the dependence on Facebook services for communication and access to other platforms [Article 119613]. 5. The incident raised questions about internet infrastructure and the need for alternative credentials beyond Facebook log-in details for accessing online services [Article 119613]. |
| Preventions | 1. Implementing a more reliable decentralized system to avoid putting all critical services on the same servers [Article 119613]. 2. Improving internal security procedures to prevent accidental deletion of critical code by staff members [Article 119613]. 3. Enhancing network monitoring and analysis to quickly identify internal complications and errors within the system [Article 81944]. 4. Ensuring robust configuration management practices to prevent disruptive changes to backbone routers and network infrastructure [Article 119613]. 5. Increasing staffing levels in data centers to facilitate quicker response and resolution of issues [Article 119618]. 6. Conducting thorough software testing and audits to catch bugs and prevent unintended consequences of updates to the network infrastructure [Article 119618]. 7. Addressing human error through better training, reducing pressure on staff, and avoiding shortcuts that can lead to system failures [Article 120777]. |
| Fixes | 1. The software failure incident at Facebook could be fixed by implementing a more reliable decentralized system that doesn't put all the services on the same servers [119613]. 2. Facebook could address the issue by ensuring proper staffing in data centers to handle and resolve such incidents promptly [119618]. 3. To prevent similar incidents in the future, Facebook could focus on mitigating human errors and software bugs that may lead to outages [119618]. 4. Upgrading and modernizing the infrastructure and systems that support Facebook, Instagram, and WhatsApp could help prevent future outages caused by outdated systems [120777]. | References | 1. San Francisco-based internet monitoring firm Thousand Eyes [81944, 81944] 2. Troy Mursch, a security researcher who runs Bad Packets Report [81944] 3. Sheera Frenkel, a tech reporter for the New York Times [119613, 119759] 4. Software testing expert, Adam Leon Smith of BCS, The Chartered Institute for IT [119613] 5. Insider posting on Reddit [119618] 6. Reuters news agency [119618] 7. Mike Proulx, an analyst for research company Forrester [119759] 8. Santosh Janardhan, Facebook's infrastructure vice-president [119760] 9. Doug Madory, director of internet analysis for Kentik Inc [119782] 10. Mr. Hodgson, cyber security expert [120777] 11. Gav Winter, CEO of website performance and cybersecurity firm RapidSpike.com [120777] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident having happened again at one_organization: - Facebook and Instagram crashed for the second time in a month [Article 120777]. - The outage was further exacerbated because large numbers of staff are still working from home in the wake of Covid, meaning it took longer for them to get to the data centers [Article 119613]. - The outage illustrated the advantage of having a 'more reliable' decentralized system that doesn't put 'all the eggs in one basket' [Article 119613]. (b) The software failure incident having happened again at multiple_organization: - Along with the Fastly outage in June and Cloudflare going offline in 2020, it shows the problem of having a single point of failure for a huge number of services that people use [Article 119613]. - Experts mentioned that many companies, including Meta, have centralized back-end systems which means there is a single point of failure [Article 120777]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase: - The outage at Facebook was attributed to a 'database overload' on its network of servers, potentially caused by internal complications such as updates to the network's infrastructure leading to unintended consequences [81944]. - It was suggested that a Facebook staff member may have accidentally deleted large sections of the code which keeps the website online, indicating a potential issue with system updates or procedures [119613]. - Facebook's program audit tool had a bug that failed to stop the command causing the outage, highlighting a failure in the development phase [119760]. (b) The software failure incident related to the operation phase: - The outage was exacerbated by large numbers of staff working from home, leading to delays in accessing data centers and fixing the servers, indicating issues with the operation of the system [119613]. - The outage was further delayed due to lower staffing in data centers because of pandemic measures, affecting the operation of the system [119618]. - The outage was prolonged because the people trying to identify the problem couldn't physically access the building, impacting the operation and maintenance of the system [119759]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident was primarily attributed to factors originating from within the system. Facebook mentioned a 'database overload' on its network of servers as a potential cause, which could be due to internal complications [81944]. Additionally, Facebook's infrastructure vice-president stated that a program audit tool had a bug that failed to stop the command causing the outage, leading to employees losing access to internal tools [119760]. Experts also highlighted that running a large distributed system like Facebook's is challenging, even for the best, indicating internal operational issues [119782]. (b) outside_system: There were speculations and theories about external factors such as a DDoS attack or an accidental BGP routing leak from a European ISP causing the outage [81944]. However, experts and insiders suggested that the outage was more likely an operational issue caused by human error within Facebook, rather than an external cyber attack [119613, 119618]. The outage was further exacerbated by lower staffing in data centers due to pandemic measures, indicating internal challenges rather than external attacks [119618, 119759]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The outage at Facebook was initially speculated to be the result of a distributed denial-of-service (DDoS) attack, but experts were not convinced by this theory and suggested that the problems originated inside the firm [Article 81944]. - The outage was also attributed to potential internal complications such as a 'database overload' on Facebook's network of servers, which could have been caused by a range of internal issues [Article 81944]. - Facebook's program audit tool had a bug that failed to stop the command causing the outage, leading to internal tools being inaccessible, including those used to correct such issues [Article 119760]. (b) The software failure incident occurring due to human actions: - Speculation arose about the outage being caused by an accidental deletion of code by a Facebook staff member, leading to large sections of the code keeping the website online being deleted [Article 119613]. - The outage was further exacerbated by lower staffing in data centers due to pandemic measures, which delayed the repair process [Article 119618]. - The outage was also attributed to human error, with experts suggesting that running a large distributed system like Facebook's is very challenging, even for the best, and can lead to operational issues caused by human error [Article 119782]. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident occurring due to hardware: - The outage at Facebook was initially attributed to a 'database overload' on the network of servers, which could have been caused by internal complications related to the hardware within the company [81944]. - One theory suggested that an internet service provider in Europe misdirected traffic from Facebook, leading to the problem spreading across the internet, akin to a traffic misdirection scenario [81944]. - The outage was further exacerbated by lower staffing in data centers due to pandemic measures, making it challenging for staff to physically access the data centers and resolve the issue [119618]. - The outage was described as an operational issue caused by human error, indicating the challenges of running a large distributed system, even for top companies like Facebook [119782]. (b) The software failure incident occurring due to software: - The outage was speculated to be a result of a distributed denial-of-service (DDoS) attack, although Facebook denied this and experts were not convinced by the hack attack theory, suggesting the problem originated inside the firm [81944]. - The outage was potentially caused by updates to the network's infrastructure leading to unintended consequences, indicating a software-related issue [119613]. - A Facebook staff member may have accidentally deleted large sections of the code keeping the website online, pointing towards a software-related mistake rather than intentional sabotage [119613]. - The outage was described as potentially being due to a software bug or simple human error, with conspiracy theories circulating about deliberate foul play from a Facebook insider [119759]. |
| Objective (Malicious/Non-malicious) | malicious, non-malicious | (a) The articles suggest that the software failure incident was potentially malicious, with theories of deliberate foul play from a Facebook insider [Article 119759]. There were also mentions of the possibility of sabotage by an insider, although it was viewed as less likely compared to other explanations [Article 119613]. Additionally, the articles discussed the potential for a cyber attack, such as a denial-of-service attack, which could overwhelm a popular site like Facebook [Article 119613]. (b) On the non-malicious side, the incident was attributed to operational issues caused by human error [Article 119782]. There were discussions about the challenges of running a large distributed system and the complexities involved, highlighting the possibility of human error leading to such outages [Article 119782]. The outage was ultimately blamed on a faulty update that disconnected Meta's servers from the internet, indicating a non-malicious cause [Article 120777]. |
| Intent (Poor/Accidental Decisions) | accidental_decisions | (a) poor_decisions: The incident was not attributed to poor decisions but rather to factors like accidental deletion of code, configuration changes, and a bug in the program audit tool [119613, 119618, 119760]. (b) accidental_decisions: The incident was primarily attributed to accidental decisions or mistakes, such as accidental deletion of code, configuration changes, and a bug in the program audit tool, rather than deliberate sabotage or intentional actions [119613, 119618, 119760]. |
| Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) development_incompetence: The outage at Facebook was speculated to be caused by a 'database overload' on its network of servers, potentially due to internal complications arising from continuous changes made to applications and infrastructure, leading to things breaking even in capable hands [81944]. Additionally, it was mentioned that the outage could have been caused by a bug in Facebook's program audit tool that failed to stop a command, resulting in the outage [119760]. (b) accidental: The outage at Facebook was suggested to have been caused by accidental deletion of large sections of the code that keeps the website online by a Facebook staff member [119613]. Furthermore, it was mentioned that the outage could have been an operational issue caused by human error, as running a large distributed system like Facebook's is very challenging, even for the best, highlighting the difficulty of maintaining such systems [119782]. |
| Duration | temporary | (a) The articles suggest that the software failure incident was temporary rather than permanent. The outage experienced by Facebook, Instagram, and WhatsApp was not a permanent failure but rather a temporary disruption caused by various contributing factors such as internal complications, database overload, network infrastructure updates, hardware issues, and potential configuration errors [81944, 82568, 119613, 119618, 119759, 119782, 120777]. The incident lasted for a specific period, and efforts were made to restore the services, indicating a temporary nature of the failure. |
| Behaviour | crash, omission, timing, other | (a) crash: The articles mention the possibility of a crash due to a 'database overload' on Facebook's network of servers, leading to the outage [81944]. It is also suggested that the outage could have been caused by a configuration error, potentially resulting from an internal mistake [119618]. (b) omission: The incident could have been caused by an omission where a Facebook staff member may have accidentally deleted large sections of the code keeping the website online [119613]. Additionally, the failure of key internet players like Facebook to provide necessary information led to the omission of connecting to their sites [119759]. (c) timing: The outage could be related to timing issues as Facebook's engineering teams identified 'configuration changes' to its backbone routers that brought its services to a halt [119613]. (d) value: There is no specific mention of the software failure incident being related to the system performing its intended functions incorrectly. (e) byzantine: The incident does not seem to exhibit behaviors of a byzantine failure. (f) other: The incident could be attributed to human error, operational issues, or a software bug lurking in the shadows [119618, 119782]. The outage is also linked to a centralised back-end system with a single point of failure affecting multiple platforms [120777]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | None | None |
| Communication | None | None |
| Application | None | None |
| Category | Option | Rationale |
|---|---|---|
| Consequence | basic, property, delay, non-human, theoretical_consequence, other | (a) death: People lost their lives due to the software failure - No information about people losing their lives due to the software failure was mentioned in the articles. (b) harm: People were physically harmed due to the software failure - No information about people being physically harmed due to the software failure was mentioned in the articles. (c) basic: People's access to food or shelter was impacted because of the software failure - The outage impacted small businesses in the developing world without other reliable ways to communicate with customers, potentially causing serious problems [Article 119759]. (d) property: People's material goods, money, or data was impacted due to the software failure - The outage highlighted how much individuals and businesses rely on Facebook and its services for communication, business success, and accessing other online platforms [Article 119782]. (e) delay: People had to postpone an activity due to the software failure - The outage caused inconvenience for many individuals and businesses, with some having to wait for a small team in California to fix the issue [Article 119775]. (f) non-human: Non-human entities were impacted due to the software failure - The outage affected businesses across the globe, with some relying on WhatsApp for remote work communication [Article 119759]. (g) no_consequence: There were no real observed consequences of the software failure - The outage had real consequences, such as impacting businesses and individuals' reliance on Facebook and its services [Article 119782]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discussed potential consequences such as the outage reigniting the debate around internet infrastructure, fears of a cyber attack, and the impact on society [Article 119613, Article 119618, Article 119775, Article 120777]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The outage made individuals vulnerable to criminals taking advantage of the situation due to their reliance on social media platforms for communication [Article 119782]. |
| Domain | information, sales, finance, knowledge, entertainment | (a) The software failure incident affected the production and distribution of information as it caused a major outage of Facebook and its associated services like Instagram, WhatsApp, and Facebook Messenger, impacting billions of users worldwide who rely on these platforms for communication and connectivity [Article 119613, Article 119782]. (b) The transportation industry was not directly mentioned in the articles as being impacted by the software failure incident. (c) The natural resources industry was not directly mentioned in the articles as being impacted by the software failure incident. (d) The sales industry was indirectly impacted as businesses relying on Facebook's services likely lost significant sums of money during the outage, although specific cost estimates were not provided [Article 119613]. (e) The construction industry was not directly mentioned in the articles as being impacted by the software failure incident. (f) The manufacturing industry was not directly mentioned in the articles as being impacted by the software failure incident. (g) The utilities industry was not directly mentioned in the articles as being impacted by the software failure incident. (h) The finance industry was indirectly impacted as businesses relying on Facebook's services are likely to have faced financial losses during the outage, with estimates suggesting a global economic cost of $160 million [Article 119613]. (i) The knowledge industry, encompassing education and research, was indirectly impacted as the outage disrupted communication and connectivity for individuals and businesses, highlighting the dependence on Facebook and its services for various online activities [Article 119613]. (j) The health industry was not directly mentioned in the articles as being impacted by the software failure incident. (k) The entertainment industry was indirectly impacted as the outage affected platforms like Oculus, which is used for entertainment purposes, and highlighted the critical role Facebook plays in connecting people and communities online [Article 119613, Article 119782]. (l) The government industry was not directly mentioned in the articles as being impacted by the software failure incident. (m) The software failure incident was related to the technology industry, specifically affecting Facebook's services and highlighting the challenges of centralization and reliance on a single platform for critical communication and connectivity needs [Article 119613, Article 120777]. |
Article ID: 119618
Article ID: 120234
Article ID: 120777
Article ID: 82568
Article ID: 119775
Article ID: 119782
Article ID: 119760
Article ID: 119759
Article ID: 119613
Article ID: 81944