Analysis of Didi's November 2023 System Outage and Potential Technical Causes

On the evening of November 27, 2023, Didi experienced a system failure that caused the app to stop displaying location data and prevented ride requests. The company issued an apology citing a system fault.

By the morning of November 28, Didi announced that ride‑hailing services had been restored, though bike‑sharing remained partially unavailable. Journalists in Shanghai and Shenzhen reported continued issues with the ride‑hailing function, and Didi later confirmed that driver and passenger rights were being gradually reinstated.

On November 29, Didi issued another apology, stating that a preliminary investigation identified a fault in the underlying system software as the cause.

Prior to Didi’s official statements, senior IT professionals suggested that the simultaneous failure of multiple business lines indicated a problem at the infrastructure layer rather than an application‑level attack. They noted that attackers typically cannot breach the underlying infrastructure without first compromising the application layer.

360 security experts outlined six possible technical reasons for the outage:

Programming errors, logic bugs, or unhandled exceptions introduced during a system update, likely occurring during nighttime deployments.

Server hardware failures, such as overheating or environmental disasters affecting core data centers.

Third‑party service or component failures that could impact Didi’s backend architecture.

Distributed Denial‑of‑Service (DDoS) attacks, though deemed unlikely because DDoS would not corrupt data and Didi has sufficient capacity to mitigate such attacks.

Other network attacks, including data theft and potential accidental damage during illicit data handling.

Ransomware encryption of underlying data or business code, possibly prompting a preemptive service pause.

Some security analysts argued that if an external hack were responsible, Didi would have issued an immediate statement, suggesting the issue may stem from internal major business adjustments or new services integrated without adequate preparation, a common cause of large‑scale system failures.

Industry observers also pointed out that cost‑cutting measures could be a contributing factor, as reduced investment in core systems and maintenance can increase the likelihood of bugs and prolonged outages.

One insider noted that during growth phases, companies maintain excess capacity (e.g., operating at 70% load) to handle traffic spikes, whereas during downturns they may operate closer to capacity limits, making systems more vulnerable to failures.

Rumors circulated that the outage was triggered by an upgrade of the Kubernetes version, with SRE engineers unable to pinpoint the issue after three hours of investigation.

According to Didi’s public technical sharing, the company upgraded its elastic cloud Kubernetes version from 1.12 (released in 2018) to 1.20 (released in 2020) the month prior to the incident.