
The Downside Of Social: 8,600 Tumblr Accounts Defaced By Fake Racist Posts


UPDATE: The attack, which affected thousands of blogs, has been fixed, but it illustrates how social openness can lead to security problems. "The more functional you make something, the less secure it tends to become," according to Roger Thompson of ICSA Labs.

"It appears that the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages," according to researchers at Sophos' Naked Security blog.

Tumblr, a platform used by thousands of musicians and labels, has been hit today with a nasty worm that is posting racist messages to users' blogs without their permission. The hacker group GNAA has claimed responsibility for the attack and has said 8,600 unique Tumblr users have been affected. The worm is sweeping across Tumblr, and some of the biggest blogs have been affected, including USA Today, Reuters, The Verge, and CNET. The hackers apparently don’t like Tumblr or its users very much, as the fake post criticized Tumblr for the "propagation of the most f**king worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating." The post then accuses Tumblr users of being unoriginal (among other insults) and suggests they kill themselves.

Lovely.

"We are aware that there is a viral post circulating on Tumblr," the company said on Twitter. "We are working to resolve the issue as swiftly as possible."

PC Mag reports that the worm appears to have taken advantage of Tumblr's re-blogging feature.

"Anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages," said Sophos analyst Graham Cluley. "If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr."

If you're a Tumblr user, it’s probably best that you stay away from your dashboard and Tumblr.com for a while. If you've seen the fake post, Tumblr is also encouraging you to immediately log out of Tumblr in any browser that might be using it.

Hisham Dahud is a Senior Analyst for Hypebot.com. Additionally, he is a digital strategist for Fame House and an independent musician. Follow him on Twitter: @HishamDahud
