Tumblr spammers blast blog site over slow response to attack warning

Blogging platform falls victim to spammers.

Hackers

The group responsible for carrying out an attack on Tumblr, which resulted in abusive messages being posted on thousands of users' blogs, claim they warned the site an attack could happen weeks ago.

The blogging site was hit by a spamming group called GNAA yesterday who used the platform to post a 200-word anti-Tumblr rant on thousands of the firm's blogs.

"This is in response to the seemingly pandemic growth and worldwide propagation of the most F******G WORTHLESS, CONTRIVED, BOURGEOISIE, SELF-CONGRATULATING AND DECADENT B******T THE INTERNET EVER HAD THE MISFORTUNE OF FACILITATING," the post stated.

We contacted Tumblr two weeks ago...but they never got back to us.

In an interview with news site Gawker, a person reporting to be a GNAA spokesperson, said the group warned Tumblr an attack could take place weeks ago.

"Someone would have done a lot worse than just posting a message over and over if they didn't fix it right away," said the spokesperson.

"We contacted Tumblr about it about two weeks ago. We used the 'can't find what you're looking for' link at the bottom of the email troubleshooting page. They never got back to us."

The site is used to publish more than 70 million posts a day and reportedly hosts nearly 71 million blogs.

In a blog post, a Tumblr spokesperson said the firm had moved quickly to resolve the issue.

"We quickly identified the source, removed the posts, and restored service to normal," the post stated.

"No accounts have been compromised, and you don't need to take any further action."

In a further post on the Naked Security blog, Graham Cluley, senior technology consultant at security software vendor Sophos, was able to shed some light on how the attack was carried out.

"The worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages," wrote Cluley.

"Each affected post had some malicious code embedded inside them...If your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr," he added.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021