Decentralized social media platform Mastodon was targeted in a major distributed denial-of-service (DDoS) attack shortly after a similar incident affected Bluesky, highlighting a growing pattern of attacks on emerging social networks.
The attack specifically targeted Mastodon’s flagship server, mastodon.social, causing what the company described as a “major outage.” The disruption began on April 20 and impacted user access for several hours before mitigation measures were deployed and services were gradually restored.
By April 21, Mastodon confirmed that the attack had subsided and normal operations had resumed. Despite the severity of the incident, the platform was able to contain the impact relatively quickly, restoring accessibility within a few hours of implementing countermeasures.
The incident follows closely after Bluesky experienced a prolonged DDoS attack that disrupted its services for nearly a full day. While a hacktivist group known as “313 Team” claimed responsibility for the Bluesky attack, no verified attribution has been made for the Mastodon incident.
DDoS attacks function by overwhelming servers with massive volumes of malicious traffic, leading to service outages rather than data breaches. The back-to-back attacks on Bluesky and Mastodon underscore the increasing focus of threat actors on decentralized platforms, where service disruption can impact large user bases even without compromising data.
The events highlight the evolving cybersecurity challenges for decentralized social networks, where infrastructure resilience is becoming critical as these platforms continue to scale and attract more users.
 attack shortly after a similar){kind=link}