Some Tumblr Blogs Have Been Hacked

UPDATE: According to a tweet by Mashable reporter Alex Fitzpatrick, Tumblr is operational again.

In an interview with Gawker, the group responsible for the hack says they warned Tumblr about the exploit weeks ahead of time.

PREVIOUSLY: Tumblr has been hacked.

Check out the Daily Dot's Tumblr page to see what's going on, but be careful – if you visit a hacked page while logged in to Tumblr, your account will be compromised as well.

The worm takes over a Tumblr blog and turns every post into an angsty anti-Tumblr message, railing against the "pandemic growth and world-wide propagation of the most f*cking worthless, contrived, bourgeoisie, self-congratulating, and decadent bullsh*t the internet has ever had the misfortune of facilitating."

It includes a warning that attempting to delete the altered posts will delete your entire Tumblr account. This doesn't seem to be the case, as Buzzfeed points out that you can delete the posts using Tumblr's Mega-Editor.

If you absolutely must check Tumblr right now, do so through your Dashboard and don't visit links to Tumblr pages. You can also log out to visit Tumblr without being affected.

The group claiming responsibility is the GNAA, an group of anti-blogging internet trolls. The acronym stands for something pretty unpleasant. Check out the Wikipedia page to learn a bit more about them.

The group's Twitter account claims that 8,600 blogs have been affected so far.

We reached out to Tumblr for comment, which provided us with the following response:

"There is a viral post circulating on Tumblr which begins "Dearest 'Tumblr' users". If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible.  Thank you."

Buzzfeed offers the following as to how the hack was made possible: "One developer suggests that the exploit uses a 'data-uri script tag' in the video embed field. In other words, it runs some sort of script through the section of the site that's supposed to only allow video embed codes from sites like YouTube and Vimeo. A pretty serious security hole!"



More From Business Insider
Search