Sign in

A Day the Internet Stood Still: Lessons from the 12 June 2025 Outages

A Day the Internet Stood Still: Lessons from the 12 June 2025 Outages

I must confess I've always imagined that a single day could teach so much about our industry’s hidden fragilities, which is becoming exceedingly more common as the complexity and fragility of infrastructure and "the internet" grows more frequent.

The irony doesn’t go unnoticed: the internet’s original architecture by ARPANET, influenced by Paul Baran’s 1964 proposal for a distributed communications network that could survive nuclear war, was all about resilience. Yet today, we’re often just one policy push or storage outage away from digital gridlock (What is ARPANET?).

On 12 June 2025, around half the online world seemed to pause as major platforms from GitHub to Spotify all reported access issues. It turned out the two biggest fail‑points were Cloudflare’s reliance on a third‑party storage provider and a software bug deep within Google Cloud’s service control layer (businessinsider.com).

Cloudflare’s Workers KV Collapse

At precisely 17:52 UTC, the first alerts fired: registrations of new WARP devices began failing, and within minutes it became clear Workers KV: Cloudflare’s central key‑value store, was unreachable. Because so many services (Workers AI, Gateway, Access, Images, Stream and more) depend on KV for their configuration, authentication and asset retrieval, most of Cloudflare’s Zero Trust and dashboard functionality failed closed. The outage persisted for 2 hours and 28 minutes before the third‑party storage provider restored service and traffic began flowing again (blog.cloudflare.com).

Cloudflare’s post‑mortem makes a candid admission: although KV is billed as “coreless” and globally distributed, its implementation relied on a single central store - an Achilles’ heel that went unnoticed until that afternoon. As they note, this was not a security incident and no data was lost, yet the blast radius was enormous simply because too many critical systems had a single hidden dependency (blog.cloudflare.com).

Google Cloud’s Null Pointer Nightmare

Even as Cloudflare teams scrambled, Google Cloud was fighting its own blaze. A policy update pushed at 10:45 PDT (17:45 UTC) introduced unintended blank fields into Service Control’s quota tables. Service Control, the binary responsible for every API request’s authorisation, quota and policy checks encountered a null pointer exception and entered a crash‑loop in every region almost simultaneously.

Within ten minutes Site Reliability Engineers had isolated the cause; within 25 minutes they enacted the “red button” to disable the offending policy path; and by two hours later most regions were recovering. However, the us‑central1 region suffered an extended tail of throttled Spanner calls because Service Control lacked an exponential backoff mechanism, stretching total downtime to nearly 3 hours before full recovery (status.cloud.google.com) (reddit.com).

Knock‑On Effects and Visible Impact

As these core failures unfolded, millions of end‑users saw 503 errors and time‑outs on services they rely upon daily. Twitch, GitLab, Replit, Elastic, Discord and even Amazon’s Twitch were knocked offline or degraded as they all sat behind Google Cloud APIs or Cloudflare’s edge network. Downdetector logged over 13 000 incident reports in the first hour alone (businessinsider.com). By mid‑afternoon services were trickling back online, but the episode sparked widespread confusion on social channels and a reminder of how intertwined our cloud‑native world has become (thedailybeast.com).

Key Takeaways

  1. Beware Hidden Single Points of Failure
    Even “coreless” services can mask central dependencies. Any third‑party component that isn’t under your direct control needs rigorous resilience planning.
  2. Feature Flags and Defensive Coding Matter
    Google’s ordeal underlines that new features: especially those touching policy or control planes, must be shielded behind flags and embraced with robust error‑handling. A simple null‑check might have prevented three hours of global disruption.
  3. Graceful Degradation over “Fail Closed”
    Many systems are configured to fail‑closed for good reason, but overly aggressive shutdowns can cascade. Consider layered fallbacks that preserve partial functionality.
  4. Multi‑Cloud Isn’t Just Hype
    The contrast between Google Cloud and other providers (AWS and Azure remained largely unaffected) shows the value of distributing critical workloads across diverse infrastructures.
  5. Communication Is Critical
    Both companies took well over an hour to post their first detailed updates. In an age where customer monitoring may itself be impaired, more automated, redundant communication channels could spare teams and users alike from flying blind.

Moving Forward

Cloudflare has already accelerated work to migrate KV away from third‑party providers and to introduce progressive namespace re‑enablement tooling.

Google Cloud is freezing further Service Control changes until a modular architecture and better replication safeguards are in place. Both emphasise that this incident was a wake‑up call to revisit dependency ownership and resilience: from quick‑fix mitigations to long‑term architectural shifts.

For engineers, architects and operations leads, 12 June 2025 will be remembered not for the downtime itself, but for the depth of its teachings.

If there is a silver lining, it lies in the renewed focus on robust design patterns, rigorous testing, resillience engineering, and the humility to acknowledge that even the biggest names aren’t immune.