OpenAI says ChatGPT outages were possibly caused by DDoS attacks
ChatGPT users may have observed the AI chatbot suffering from “periodic outages” for the past 24 hours. Now, ChatGPT-maker OpenAI has come forward with an update on the matter, confirming that the firm is currently grappling with what seems to be a wave of distributed denial-of-service (DDoS) attacks targeting its popular AI-powered chatbot ChatGPT. These cyberattacks have led to recurring disruptions in ChatGPT services and OpenAI’s developer tools. These outages and attacks come on the heels of OpenAI holding its first-ever developer conference, wherein it revealed a preview version of GPT-4 Turbo.
The trouble began when ChatGPT users and developers started experiencing sporadic outages that persisted over a 24-hour period. The disruptions were characterized by messages informing users that “ChatGPT is at capacity right now,” rendering the chatbot inaccessible to many. OpenAI CEO Sam Altman initially explained these issues by stating that the enthusiastic response to the new platform features, introduced at the developer conference, had “far outpaced” their expectations. “usage of our new features from devday is far outpacing our expectations. we were planning to go live with GPTs for all subscribers monday but still haven’t been able to. we are hoping to soon. there will likely be service instability in the short term due to load. sorry,” read his post on X on November 8.
usage of our new features from devday is far outpacing our expectations.
we were planning to go live with GPTs for all subscribers monday but still haven’t been able to. we are hoping to soon.
there will likely be service instability in the short term due to load. sorry :/
— Sam Altman (@sama) November 8, 2023
However, OpenAI’s incident report was subsequently updated to acknowledge that the problems persisted, revealing that ChatGPT and its API were suffering from “periodic outages.” A comprehensive investigation indicated that these ongoing issues were likely the result of a DDoS attack and not really an “outpacing” of demand. DDoS attacks are malicious attempts to overload online services by bombarding them with an excessive volume of requests, rendering the services inoperative. “We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this,” OpenAI updated its status page at 19:49 PST on November 8.
The recurring disruptions have not only inconvenienced ChatGPT users but have also hindered developers who rely on OpenAI’s tools and infrastructure. OpenAI’s ChatGPT, launched to the public a year ago, has gained widespread popularity, with over 100 million users each week, and the company’s services are integral to a significant portion of Fortune 500 businesses. OpenAI has not formally attributed the DDoS attacks to any specific group or entity. However, a group identifying itself as “Anonymous Sudan” has claimed responsibility for these attacks, citing OpenAI’s perceived “general biases towards Israel and against Palestine” as their motivation. They’ve referred to the attacks as a response to these biases.
The DDoS attacks on ChatGPT and OpenAI’s services have been executed using the SkyNet botnet, which recently incorporated support for Layer 7 (L7) DDoS attacks. In L7 DDoS attacks, cyberattackers target the application layer, overwhelming services with an excessive number of requests. This places a substantial strain on the target’s server and network resources, making these attacks highly effective. OpenAI is actively addressing the situation, working to mitigate the effects of the persistent DDoS attacks. ChatGPT is working fine at the time of the writing of this article.