
Cyber Incident Victim: Mastodon

Date: Apr 2026

Location: Germany

Summary

Mastodon experienced a distributed denial-of-service attack that overwhelmed its flagship server, causing a major outage that began in the early afternoon. Mitigations restored access within three hours, and by the next day the attack had ceased and normal operations had resumed. The incident followed a similar disruption of Bluesky, for which a self-described pro-Iran hacktivist group claimed responsibility; no group has claimed the attack on Mastodon. Both services grew as decentralized alternatives after changes to X.


Description

On April 20, 2026, a distributed denial-of-service attack was launched against Mastodon.social, the flagship server of the Mastodon platform. The attack began around 1 PM local time and was classified by Mastodon as a major outage. By 4 PM the same day, mitigations had been deployed and the service became accessible again. An update posted on April 21 at 11 AM indicated that the attack had ceased and normal operations were restored.

Mastodon used its status page to communicate the timeline of the incident and the status of mitigation efforts. No public claim of responsibility for the Mastodon attack was observed, unlike the Bluesky incident just days earlier, in which a group called 313 Team asserted involvement. Bluesky described that attack as sophisticated, and its attribution rests on the same unverified claim by 313 Team.

Both Mastodon and Bluesky experienced increased user adoption after Elon Musk’s acquisition of X, formerly Twitter. Users migrated to these platforms seeking decentralized alternatives that avoid top‑down control, unpredictable algorithms, and erratic moderation. The DDoS attack on Mastodon lasted approximately three hours before mitigation restored access, with full normalization reported the following morning.
