Tumblr patches hole after malicious site attack

Tumblr called out by malicious hacking group GNAA for not properly securing its site

Popular online social networking site Tumblr was ravaged on Monday by an Internet worm that spewed racist and inflammatory messages across thousands of user accounts.

The malicious hacking group known as GNAA claimed responsibility. The group has a history of menacing online communities with inflammatory messages, an activity known as trolling. Tumblr has since fixed the security vulnerability that led to the propagation, according to the company.

The self-replicating software that quickly propagated across the site added new Tumblr entries to an untold number of user accounts. It also threatened to remove all of a user's content if the offending posts were removed.

The organization instigated the attack to protest excessive self-righteousness on the part of bloggers, according to a GNAA spokesman who answered questions by email. The replicated entry called Tumblr users "self-insisting, self-deprecating, self-indulgent empty husks of human beings." The message was tagged with the keyword "bronies," which is a group of adult fans of "My Little Pony: Friendship Is Magic," an animated television show for children.

Brooklyn, New York, resident Amanda Lucci was one Tumblr user affected by the worm. She had read on Twitter early Monday morning Eastern time that the news site Daily Dot was hacked. Because her computer was logged into Tumblr at the time, when she clicked on the Twitter link to access Daily Dot, the GNAA message replicated multiple times onto her Tumblr account.

"I was kind of panicked because I love my blog and I would be devastated if anything happened to it or if I would have to delete it," Lucci wrote by email. She learned about how to fix her account not from Tumblr but from a user on Twitter, who noted the offending entries could be successfully removed through the mass post-delete option. She also logged out for several hours and changed her password. Since then, her site appears to be operating normally.

The group had notified Tumblr of the vulnerability several weeks back, the GNAA said, but the company had not fixed the hole. That inaction was cited by the GNAA in press reports as a reason for its attack Monday. The worm apparently exploited an unsecured video embedding script.

"We did intend to protest their lax security practices. We wanted to call out the fact that their security practices are seemingly nonexistent, even when informed well in advance of the problem," wrote the GNAA spokesman in an email. GNAA has estimated that over 8,000 accounts were compromised during the attack.

A Tumblr spokeswoman declined to elaborate on the attack, noting only that "Tumblr engineers have resolved the issue." The attack affected only a few thousand Tumblr accounts, she said.

This is not the first time GNAA has been in the press for online tomfoolery. Most recently, when the Northeast U.S. was hit by Hurricane Sandy, members of the group used Twitter to fool several media outlets into reporting that looting was taking place in areas affected by the storm.

Founded in 2007, Tumblr now hosts 83.2 million blogs, with a staff of 125 employees.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymalwareTumblr

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments

Essentials

James Cook University - Master of Data Science Online Course

Learn more >

Mobile

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?