Tumblr worm hitting websites, posting identical message from GNAA

Tumblr worm

There appears to be a worm impacting many Tumblr websites, defacing pages with an identical message.

Hacked Tumblr webpage

The message, was posted alongside an image of a man and the logo of a group called the “GNAA”.

The “GNAA”, the Gay N***** Association of America, is an association of internet trolls that seems to have a particular delight in winding up bloggers with racist posts.

At the time of writing, Tumblr does not appear to have said anything about the problem. However, many Tumblr users have turned to other social media outlets to share their concerns that they have been hit by a worm.

For instance, news website The Verge told its readers that its Tumblr had fallen victim to the hack:

The hack is still being investigated, and we’ll update this article as we find out more. In the meantime, however, we would recommend that internet users do not visit Tumblr sites – in particular if they run their own Tumblr page and are logged into the site as this is a possible method through which the attack could be spread.

Of course, Tumblr isn’t the first social media site to be hit by a fast-spreading worm. For instance, a couple of years ago Twitter was widely hit by a worm that exploited cross-site-scripting (XSS) vulnerability.

See also: How the Tumblr worm spread so quickly

Update: Tumblr has now issued a statement about the security problem:

When I tried to post to Tumblr from a test account I was presented with the following message, which may indicate that Tumblr has temporarily disabled posting to prevent the worm from spreading further:

Tumblr stops new posts

Further update: Tumblr says that it has now resolved the issue: