Canonical Under Cyber Siege: Ubuntu Sites, Snap Store, and Launchpad Hit by Sustained Attack

If you've been unable to reach the official Ubuntu website, the Snap Store, or Launchpad, you're not alone. On the evening of April 30, 2025, at around 6 PM UK time, Canonical—the company behind Ubuntu—announced that its online services were under a "sustained, cross-border" cyberattack. The company is actively working to mitigate the disruption and has promised to share further details as they become available. This incident has raised concerns among developers and users who rely on these platforms for package distribution, project management, and system updates.

The Scope of the Attack

Canonical's infrastructure serves millions of users worldwide, and the attack appears to be a Distributed Denial-of-Service (DDoS) campaign targeting key web properties. The company has not yet attributed the assault to any specific group or nation-state, but the "cross-border" description suggests a geographically distributed origin. Below is a breakdown of what is currently affected and what remains operational.

Services Affected

• Ubuntu website (ubuntu.com) — The main portal for news, downloads, and documentation is intermittently unreachable.
• Snap Store (snapcraft.io) — The official repository for Snap packages is offline, blocking access to thousands of Linux applications.
• Launchpad — Canonical's collaborative platform for software development, bug tracking, and package building is experiencing outages.
• archive.ubuntu.com — The primary repository for APT packages is down as of this writing, though alternative mirrors remain accessible (see below).

Services Unaffected

• Ubuntu APT repositories — Most package mirrors are fully operational because they are distributed across multiple servers, countries, and continents. Users can update and install software by switching to a different mirror in their sources.list configuration.
• OS ISO image downloads — Direct downloads of Ubuntu ISO files are still possible through alternative channels, such as the Ubuntu Releases site (releases.ubuntu.com) or third-party mirrors.
• Snap runtime and installed snaps — Existing Snap installations on local machines continue to function normally, as snapd uses local caches and cached credentials. However, snap refresh and new installations may fail until the store recovers.

What Users Can Do Right Now

If you are directly impacted by the outage, here are a few practical steps:

1. Switch APT mirrors — Edit /etc/apt/sources.list to point to a different mirror, such as mirrors.kernel.org or us.archive.ubuntu.com. Alternatively, use the Ubuntu mirror list to find a local server.
2. Download ISOs from alternate sources — Visit releases.ubuntu.com or use the torrent links provided on that page.
3. Stay updated via official channels — Monitor Canonical's Twitter account (@Ubuntu) or the Canonical Status Dashboard (if accessible) for real-time updates.
4. Consider using mirrors for Snap downloads — Some third-party Snap proxies or mirror services may still be functional, though this is not officially supported.

Canonical's Response

Canonical has acknowledged the incident publicly, stating that their teams are "working to address" the attack. The company has not yet disclosed whether any sensitive user data has been compromised, but DDoS attacks typically aim to disrupt availability rather than breach confidentiality. However, the prolonged downtime of services like Launchpad—which hosts thousands of open-source projects—could have collateral effects on software release cycles and collaboration.

In a brief update, Canonical mentioned that the attack originated from multiple international sources, suggesting a coordinated effort. This is not the first time Canonical has faced such threats; the company has invested in robust infrastructure and DDoS mitigation services, but the scale of this assault appears to have overwhelmed some defenses.

Broader Implications

The outage highlights the fragility of centralized distribution models in open-source ecosystems. While APT's mirror network proved resilient, the Snap Store's more centralized architecture left it vulnerable. This incident may reignite debates over the balance between convenience and decentralization. Developers who rely on Launchpad for daily workflows may need to consider backup options, such as self-hosted Git repositories or alternative CI/CD systems.

For end users, the most immediate inconvenience is the inability to install new Snaps or update system packages via the default archive. However, given the breadth of Ubuntu's mirror network, most users should be able to continue their work with minimal disruption.

Conclusion

As Canonical continues to battle this sustained cyberattack, the community watches closely for a resolution and for any lessons that can be learned. The company has earned a reputation for transparency and resilience, and this incident is a reminder that even major Linux distributions are not immune to targeted online attacks. We will update this article as more information becomes available. In the meantime, taking the simple steps outlined above can help you stay productive while the services recover.