Canonical Faces Coordinated Cyberattack: Ubuntu Services Disrupted
On the evening of April 30, Canonical—the company behind Ubuntu—announced it was dealing with a “sustained, cross-border” attack targeting several of its key online platforms. This incident left many users unable to access the Ubuntu website, the Snap Store, or Launchpad. Below, we answer the most pressing questions about this disruption and what it means for Ubuntu users.
1. What exactly happened to Canonical’s services?
Canonical confirmed that its infrastructure came under a deliberate, sustained attack originating from multiple countries. The assault began around 6 PM UK time on April 30 and caused immediate outages for several major properties, including the main Ubuntu website, the Snap Store, and the Launchpad development platform. The company stated it was actively working to mitigate the issue and promised to share further details as they became available.
2. Which services are currently down or affected?
The most visible impact is on ubuntu.com, snapcraft.io (home of the Snap Store), and launchpad.net. Users trying to access these sites may encounter timeouts or error messages. Additionally, the primary APT repository at archive.ubuntu.com is offline as of this writing. However, Canonical has stressed that the Ubuntu APT package repositories remain functional overall because they are mirrored across numerous servers and geographic locations.
3. What services are still working fine?
Despite the attack, several critical resources remain accessible. The Ubuntu ISO image downloads are still available via alternative mirrors, so users can obtain fresh installations or bootable media. Likewise, the APT repositories themselves are not completely down—unless you rely on the specific archive.ubuntu.com mirror. Many regional mirrors (e.g., us.archive.ubuntu.com) continue to operate normally. Canonical also assured the community that its core cloud and container services were not directly targeted in this incident.
4. How does this attack affect everyday Ubuntu users?
For average desktop users, the main inconvenience is the inability to visit the Ubuntu website for documentation or news, or to use the Snap Store to install snap packages. If you rely on the official archive.ubuntu.com repository for package updates, you may need to switch to an alternative mirror temporarily. Users who already have packages cached on their systems or use regional mirrors should experience minimal disruption. The attack does not affect installed software or system security updates—those are delivered via the mirrored APT repos.
5. What is Canonical doing to address the attack?
Canonical’s security and operations teams responded immediately after the attack was detected. The company stated it was “working to address” the situation and would provide further updates promptly. While specific technical details have not been disclosed, typical countermeasures include traffic filtering, DDoS mitigation, load balancing, and temporary failovers to unaffected infrastructure. Canonical has extensive experience with large-scale distributed systems, and their response involves coordination with upstream providers and mirror operators to restore full access as quickly as possible.
6. What can users do to stay informed and protected?
To stay updated, follow Canonical’s official blog and @ubuntu on social media for real-time status reports. System administrators can ensure their sources.list files point to trusted regional mirrors rather than relying solely on archive.ubuntu.com. For critical systems, consider using local caching proxies or offline package caches to reduce dependency on external repositories. Also, verify that you are running the latest security patches (installed from mirrors unaffected by the attack) to minimize any potential vulnerabilities that attackers might exploit.