Better late than never, although both are preferable to being at the scene of the crime in a recent case of repeated spamposts across what appears to be a large number of Tumblr accounts.
It seems three Tumblrs – all of which are now offline – were responsible for exploiting the site to spam this charming trollface image on Tumblrs belonging to anybody who placed their hands too close to the lion cage (or in this case, trollbait). There were also reports of user dashboards glitching out once the spam had posted to their sites. Based on reports across many of the Tumblrs hit by this, some user interaction was required to get the ball rolling: Tumblr users had to click either the post or the person who reblogged it previously to further the spread. Once the user did this, they would find multiple reposts of the same content on their own blog. However, this is not normal behaviour, and content shouldn’t reblog simply because a user performs either of those two actions.
Check out the number of reblogs for two of the posts – one has 100,000+ and the second has 96,400+. That’s a whole lot of spamming going on, so much so that the official Tumblr Twitter account posted this today:
For those seeing repeated posts in your Dashboard, don’t worry: your accounts have not been compromised. Tech is resolving the issue now.
Many users were naturally worried about password theft, but it seems passwords were untouched. With all of the sites responsible for this now offline, it’s impossible to take a direct look at them, but someone who viewed the code while this was happening posted their findings on their Tumblr blog (note that they mention the tally had risen to 180,000+ by the time of their writing).
As always, it’s a good thing something like this wasn’t chained to a malware scam, or the end result could have been a lot more serious for all concerned. Thankfully Tumblr caught it quickly, and the majority of our spinning cat gifs live to fight another day.