[Update] Internet trolls target Tumblr; viral post infects 6,000 blogs and counting

tumblr blocked

UPDATE: Tumblr notified us that the worm has been removed: “Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today. Thank you for your patience.”

UPDATE 2: Tumblr has followed up with a terse blog post saying that all posts related to the attack has been removed: “No accounts have been compromised, and you don’t need to take any further action.” It’s now back to business as usual at Tumblr HQ.

Thanks to the work of an anti-blogging hacker group, Tumblr has been hacked and a surprising amount of popular domains have been exploited. 

The worm itself isn’t damaging to your blog, so there’s not much to worry about in terms of losing your information or having your blog wiped clean. The worm is similar to the clickbait posts that you’ve seen on Facebook, which once you click on the post gets republished to your wall (in this case, to your Tumblr blog). The viral post was planted this morning on Tumblr and spread to 6,000 unique visitors so far in just a matter of a few hours. With 80 million blogs that exist on Tumblr, this is just a fraction of blogs that were affected, however many popular sites were hit (including USA Today’s and The Verge’s Tumblrs) and the bug has the potential to infiltrate the platform much further. 

If you see the hate-filled message like the one in the screen shot below, do not click on it.

gnaa hate post

If you’re signed into your Tumblr dashboard and click on the post, it will infect your blog and republish the message as a blog post. You won’t have to worry about the “P.S.” part of the message since it’s just an empty threat. Because it publishes just one blog post at a time, to remove it you can simply delete the single post without it affecting your blog as a whole, but before you jump ahead of yourself it’s not that that straight forward. Unfortunately it appears that infected Tumblr accounts can’t delete the post through Tumblr’s dashboard without spawning more posts, so the Daily Dot is recommending that using the Missing-E browser plugin will get rid of the posts for good without any recourse.

We reached out to Tumblr and their spokesperson responded to the incident with the following statement, indicating that Tumblr is aware of the situation and actively working on combating the problem.

“There is a viral post circulating on Tumblr which begins “Dearest ‘Tumblr’ users”. If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.”

A “hackavist” collective by the name of The Gay Ni**er Association of America (GNAA) has stepped up to claim responsibility for the exploit. GNAA’s spokesperson tells the Daily Dot, “The guy who found the bug messaged me about six hours ago, and we went live just under three hours ago. We started with one post on a brand new Tumblr blog, I sent the link to a few people, and it went from there. Well, it looks like we’ve reached nearly 6,000 unique users affected … Never expected it to get this big.”

According to NewMediaRockstars, the GNAA also plans to take on WordPress and Disqus.

Social Media

Twitter squashes security bug leaking direct messages since 2017

The team at Twitter has discovered and corrected a security bug within one of their developer APIs that has been leaking sensitive information sent via direct messages to business accounts.

From Android 1.0 to Android 9.0, here’s how Google’s OS evolved over a decade

It's hard to believe, but Android has been around for almost a decade now. From Android 1.0 to Android 9.0 Pie, here's the history of Android and the changes that came with each new software iteration.

Newegg was cracked, customer data has leaked, and security is clearly scrambled

Online electronics retailer Newegg has found themselves at the heart of an online security breach as the company's payment system was breached, giving hackers of the notorious group, Magecart, potential access to confidential customer data…

Windows improves handwriting-recognition skills at the peril of users’ security

A Windows file that is designed to help improve the platform's ability to translate your handwritten notes into readable text may be a security concern. One researcher found it contained passwords and email contents.

Instagram’s shopping stickers for businesses see wide rollout

As the Stories format continues to grow, Instagram is allowing users to shop the items inside a Stories photo or video. Instagram recently expanded stickers that let people shop inside a Story by tapping on the sticker.
Social Media

Facebook is paying cash rewards if you find vulnerabilities in third-party apps

As part of efforts to put the Cambridge Analytica scandal and related issues behind it, Facebook said this week it's expanding its bug bounty program to include third-party apps and websites that could potentially misuse its data.
Smart Home

Restaurants may soon have chefs who know all about you before you walk in the door

At Seattle’s Addo, chef Eric Rivera gives pop-up-style restaurants a permanent home, and he leverages everything from Instagram to a ticketing service to bring in customers.
Social Media

A lot less clutter! Twitter relaunches purely chronological timeline

If you still miss the reverse-chronological timeline that Twitter ditched two years ago and you're fed up with all of the extra algorithmic tweets appearing in your feed, there's now a way to return it to how it used to be.

Facebook appears set on crafting custom silicon for augmented reality devices

Facebook's latest job postings are seeking engineers and developers for custom augmented reality chipsets, and seem to support speculation that the company is looking to produce AR glasses.
Social Media

How to turn off Snapchat’s location-based Snap Map

Thanks to an opt-in feature added last year, Snapchat may be sharing your location with friends whenever you open it. Here, we'll walk you through how to turn off said feature off and regain some peace of mind.
Social Media

How to send money on Facebook

In case you weren't already aware, you can now use Facebook Messenger to send or request money, which will allow you to skirt the fees oft-associated with services like Venmo. Here's how to use it.
Smart Home

Is Amazon tweaking its search algorithms with a new A.I.-driven shopping site?

Amazon is testing a new shopping site, Amazon Scout, which combines a visual aesthetic with customers' ability to like and dislike products, collecting more data on users' habits and preferences.

To post or not to post? Here's when you should put up a picture on the 'Gram

Let's be honest, the majority of us care about the popularity of our Instagram posts. There is a sweet spot, however, if you're looking to boost the number of likes and comments you receive. Here's what you need to know.
Social Media

Instagram could separate hashtags for less annoying posts

Just what features will Instagram add next? One enthusiast reverse engineered the app to uncover several potential features the app could be testing, including a dedicated spot for hashtags and geofencing.