Open Source Subnet An independent Open Source community View more

Tumblr hacked in Brony-related attack spreading racist spam post

Tumblr has been hacked in a rapidly moving attack that hijacks users accounts and posts an offensive message. The kicker? When users try to delete the post, their account gets deleted, too.

Massively popular blogging site Tumblr has been hacked by the infamous hacking group known as GNAA (the acronym stands for an inherently offensive name; search at your own risk).

The hack hijacks users' Tumblr blogs and reposts a racist and hate-filled tirade lamenting bloggers and the nature of blogging in general. The post ends with a post-script that reads: "Attempting to delete these posts will delete your tumblr account ; ] but, by all means, go ahead!"

Buzzfeed provides some good advice for avoiding falling victim to the hack. The basis is to avoid Tumblr at all costs until further notice.

First, here's how to avoid getting hacked:

1) Maybe just don't go to Tumblr right now? This will be fixed soon, probably, but the exploit posts are embarrassing and the more people get infected, the faster they spread.

2) If you DO go to Tumblr, only visit your Dashboard. Don't follow any direct links to Tumblr posts, or visit any Tumblrs directly — that's how this this spreads.

3) If you've been exploited, close all Tumblr tags, reopen your Dashboard, delete all the posts in your mass editor, and change your password. There's no evidence yet that this exploit actually accessed your account, or steals your password, but at this point it's probably still a good idea.

4) If you log out of your tumblr account you'll be able to view infected blogs without consequence.

Gizmodo provides the following advice for resolving the issue if your Tumblr account has been infected:

The good news, though? There seems to be an easy fix. In the event you're infected, go to the Tumblr mass editor, delete the bad posts, and refresh. And though there's not evidence the GNAA has actually accessed your account, you should go ahead and change your password. This exploit shouldn't last longer than about 10 minutes. In the meantime, avoid visiting individual Tumblrs and stick to the dashboard.

Buzzfeed reports that the attack targeted the Tumblr tag for "Brony," which is used as a means of connecting fans of the cartoon television show "My Little Pony Friendship is Magic." The GNAA issued a press release announcing that the attack was part of its "brony-removal drive," targeted at the largely male group of fans who call themselves "bronies."

The attack first targeted the Tumblr account for the internet news site The Daily Dot and spread virally by hijacking the accounts of users who clicked on it. According to Gizmodo, the hack has reached more than 8,600 users, including accounts for USA Today and The Verge.

The attack appears to exploit a "'data-uri script tag' in the video embed field," a developer told Buzzfeed, which clarified that the attack "runs some sort of script through the section of the site that's supposed to only allow video embed codes from sites like YouTube and Vimeo." Tumblr has issued the following statement to Buzzfeed:

There is a viral post circulating on Tumblr which begins "Dearest 'Tumblr' users". If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.

The GNAA is an infamous hacking organization that has targeted several high-profile websites, including Slashdot, Wikipedia and the Obama campaign website, with little other purpose than trolling. Most recently, the GNAA was put in the spotlight after Andrew Auernheimer, the group's former president known more commonly by the hacking moniker "Weev," was convicted for his role in a highly publicized hack of AT&T customer data.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies