If you maintain a blog on Tumblr, it might be a good idea to stay away from the site for the time being. Apparently, hacker group GNAA has taken advantage of a major security hole to publish racist and offensive posts to Tumblr blogs, and visiting infected blogs while logged into Tumblr helps these posts spread. Buzzfeed originally reported on the attack, posting images of the inflammatory posts being published (just a warning: they’re pretty offensive to anyone other than an Internet troll).
Buzzfeed suggests that if you go to Tumblr, only go to your dashboard. By avoiding other Tumblr blogs, you can prevent this exploit from spreading and posting things you probably don’t want to your blog. It seems that this exploit first targeted, of all things, Tumblr’s Brony tag, with the company making a statement on the exploit. Here it is in full:
There is a viral post circulating on Tumblr which begins “Dearest ‘Tumblr’ users”. If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.
No word on when a fix is scheduled to arrive, but hopefully it’s delivered at some point today. The post themselves are shooting for shock value in a big way, so make no mistake, this definitely isn’t anything you want your visitors to see. It’s possible that this exploit is spread by running a script in the video embed field, so this is a big security problem indeed.
Of course, breaches like this are nothing new, with hackers doing their best to constantly keep us on our toes. Even though there isn’t any evidence that GNAA is accessing accounts to put these posts up, it’s probably still a good idea to change your password. Better safe than sorry, after all. Keep it tuned here at SlashGear and we’ll keep you posted any new developments with this breach.