On April 30, 2023, a targeted attack knocked several of Canonical's core services offline, affecting Ubuntu users worldwide. This Q&A breaks down what happened, which services were impacted, and what you should know about the incident.
What exactly happened?
Starting around 6 PM UK time on April 30, Canonical’s websites and services began experiencing a sustained, cross-border attack. The company confirmed that hostile traffic was overwhelming their infrastructure, causing outages for the Ubuntu website, the Snap Store, and Launchpad. Canonical described it as a deliberate and ongoing action, not a simple technical glitch.
Which services were affected and which remained operational?
Public-facing services like ubuntu.com, the Snap Store, and Launchpad were hit hard. However, Ubuntu APT repositories were largely unaffected because they are mirrored across many servers worldwide. While the primary archive.ubuntu.com was offline, users could still update via mirrors. ISO images for download also remained accessible through alternative CDNs. Internal enterprise services may have seen intermittent access.
Was user data compromised?
Canonical did not report any data breach. The attack appeared to be a denial-of-service (DoS) assault, aimed at overwhelming servers rather than stealing information. No unauthorized access to user accounts or personal data was disclosed, though users should remain cautious and monitor official updates.
How did Canonical respond?
Engineers immediately began mitigating the attack, implementing additional filtering and scaling resources. The company promised updates and worked with upstream partners to restore full functionality. They emphasized that the situation was under active management, but full restoration could take hours or days depending on the attack’s persistence.
What should Ubuntu users do during such outages?
If you rely on regular updates, consider switching to a different APT mirror. Canonical’s official mirror list helps you find a local, working server. For Snap packages, you can install from local archives if you have backups. Otherwise, patience is key – Canonical typically resolves such incidents with priority. Avoid any unofficial workarounds that might compromise your system.
Could this happen again?
Distributed denial-of-service attacks are a common threat in the tech industry. Canonical has robust infrastructure and multiple layers of mitigation, but no system is 100% immune. They continuously improve defenses, but attacks can evolve. Users should prepare with offline backups of critical packages and stay updated via official communication channels during emergencies.