Cyberattack Temporarily Disrupts Canonical's Ubuntu Services and Snap Store

On the evening of April 30, Canonical's online ecosystem—including the Ubuntu website, the Snap store, and the Launchpad development platform—was taken offline by a sustained, cross-border cyberattack. The company acknowledged the incident and stated it was actively working to mitigate the disruption. While some services were hit hard, others, like the APT package repositories, remained largely available thanks to a distributed mirror infrastructure. Below, we answer the most pressing questions about this outage.

What exactly happened to Canonical's websites?

A coordinated and persistent attack—described by Canonical as a "sustained, cross-border" assault—targeted the company's public-facing web services. This type of distributed denial-of-service (DDoS) attack floods servers with traffic, making them unavailable to legitimate users. The goal was likely to disrupt access to Canonical's flagship platforms, including the main Ubuntu website, the Snap Store (snapcraft.io), and the Launchpad bug tracking and development hub. The attack began around 18:00 UK time on April 30 and continued for several hours. Canonical’s team took immediate steps to trace the source and shore up defenses, promising updates as more information became available.

When did the attack start and how long did it last?

The outage started at approximately 6:00 PM (UK time) on 30 April. Initial reports from users around the world confirmed that the affected sites were unreachable or extremely slow. Canonical’s status page and social media channels were updated soon after to acknowledge the incident. The attack persisted into the next day, though some services began to recover intermittently. By the following morning, most fronts were restored, but Canonical continued to monitor for residual effects. The duration of the main disruption was roughly 12–15 hours, with full recovery taking a bit longer for certain sub-services.

Which Canonical services were taken offline?

Several key services were inaccessible during the peak of the attack:

• Ubuntu website (ubuntu.com) – the main portal for downloads, documentation, and community.
• Snap Store (snapcraft.io) – the app store for snap packages used on Ubuntu and other Linux distributions.
• Launchpad (launchpad.net) – the collaboration platform for open-source projects hosted by Canonical.
• Main archive.ubuntu.com – the primary package repository for apt upgrades.
• Other subdomains like discourse.ubuntu.com and juju.solutions were also intermittently affected.

Users trying to visit these pages saw errors, timeouts, or blank screens during the worst hours of the attack.

Were any services unaffected and still accessible?

Despite the widespread disruption, the core Ubuntu package repositories (APT repos) remained largely online. Because Canonical distributes its repositories across a global network of mirrors, traffic could be rerouted to alternative servers. The main archive.ubuntu.com was down, but regional mirrors (e.g., us.archive.ubuntu.com, uk.archive.ubuntu.com) continued to function normally. Additionally, ISO image downloads were still available because they are hosted on a different content delivery network that was not targeted. This ensured that users could still install or update Ubuntu using apt update if they had configured a mirror in their sources.list. The Snap Store’s outage, however, prevented new snap installations or updates for those who rely solely on the official store.

How did Canonical respond to the attack?

Canonical’s response was swift and transparent. The company publicly acknowledged the incident via its official status page and social media, describing it as a "sustained, cross-border attack" and pledging to "work tirelessly to resolve the issue". Their security and infrastructure teams immediately implemented mitigation measures, including traffic filtering, scaling up defensive resources, and collaborating with upstream network providers. Canonical also advised users to use alternative APT mirrors if they experienced issues. While they did not provide a detailed post‑mortem immediately, they promised regular updates until full restoration. This proactive communication helped maintain trust even as services were disrupted.

What does this mean for regular Ubuntu users?

For most everyday Ubuntu users, the impact was minimal if they already had a working system. Those who needed to install new snap applications or visit the Ubuntu website for documentation encountered temporary inconvenience. However, users performing system updates via apt were generally unaffected, as long as their software sources pointed to a mirror (the default setup). The outage highlighted the importance of Canonical’s mirror infrastructure and the resilience of the Debian‑based packaging system. It also served as a reminder to keep local caches and alternative mirrors configured. Overall, the attack caused no data loss and little permanent disruption, but it underscored the vulnerability of centralised web services to DDoS attacks.