Monday, December 3, 2012

Tumblr’s Getting Massively Hacked Right Now (But There’s an Easy Fix) (Update: All Clear!)


Don't panic. You might have trouble finding GIFs to describe your feelings for a little bit, because there's a exploit spreading on Tumblr that's effectively shutting down your favorite sites. And, if you so much as click on the wrong post, shutting down your own.
The exploit, spearheaded by the anti-blogging hacker group GNAA, seems to have originated when the post above—an ideological GNAA screed—appeared on the Tumblr for the Daily Dot, an online news site. Click on the post, your own Tumblr displays it as well. Over 8,600 unique Tumblr users have reportedly been infected so far, including USA Today, the Verge, and EW.
Bottom line: do not click if you see the above, and don't tweet out links to it, or you'll get/give the worm too if you're logged into Tumblr.
In the past, the GNAA has targeted such prominent sites as CNN, Wikipedia, and the Obama campaign site. The GNAA has been around since the early 2000s, and it exists basically to disrupt websites. Not much is known about the organization's internal structure, but it was once run by convicted iPad hacker Andrew "Weev" Auernherimer. At the end of October, the GNAA tricked people into thinking there was mass looting after Hurricane Sandy. Today's exploit is apparently, a campaign against bronies.
The hack seems to be spreading pretty quickly. One of the hackers, @Gary_Niger is tweeting out the numbers:
In fact, the number infected doubled in just 13 minutes:
The good news, though? There seems to be an easy fix. In the event you're infected, go to the Tumblr mass editor, delete the bad posts, and refresh. And though there's not evidence the GNAA has actually accessed your account, you should go ahead and change your password. This exploit shouldn't last longer than about 10 minutes. In the meantime, avoid visiting individual Tumblrs and stick to the dashboard. Fear not, precious GIFs will return soon. [h/t@ryanhatesthisBlueChooChoo]
Update 1: Here's Tumblr's statement on the issue:
There is a viral post circulating on Tumblr which begins "Dearest 'Tumblr' users". If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.
Update 2: It looks like patient zero wasn't Daily Dot, but rather OhMyGodAnyway.tubmlr.com.
Update 3: Based on who we've talked to, the virus is spreading using a data-uri script tag in the video embed field to post itself over and over the users blog. What that means is it's running a harmful script through the part of Tumblr that allows embeds from video sites like YouTube or Vimeo. Again, don't click anything on the malicious post.
Update 4: The GNAA says today's attack is not just a war on Bronies, but a total war on blogs. The group claims it warned Tumblr two weeks ago but heard no response.
Update 5: All clear, says Tumblr. You may now return to your regularly scheduled tumbling:
http://gizmodo.com/5965154/tumblrs-getting-massively-hacked-right-now-but-theres-an-easy-fix

No comments:

Post a Comment