Tumblr spammers blast blog site over slow response to attack warning
Blogging platform falls victim to spammers.

The group responsible for carrying out an attack on Tumblr, which resulted in abusive messages being posted on thousands of users' blogs, claim they warned the site an attack could happen weeks ago.
The blogging site was hit by a spamming group called GNAA yesterday who used the platform to post a 200-word anti-Tumblr rant on thousands of the firm's blogs.
"This is in response to the seemingly pandemic growth and worldwide propagation of the most F******G WORTHLESS, CONTRIVED, BOURGEOISIE, SELF-CONGRATULATING AND DECADENT B******T THE INTERNET EVER HAD THE MISFORTUNE OF FACILITATING," the post stated.
We contacted Tumblr two weeks ago...but they never got back to us.
In an interview with news site Gawker, a person reporting to be a GNAA spokesperson, said the group warned Tumblr an attack could take place weeks ago.
"Someone would have done a lot worse than just posting a message over and over if they didn't fix it right away," said the spokesperson.
"We contacted Tumblr about it about two weeks ago. We used the 'can't find what you're looking for' link at the bottom of the email troubleshooting page. They never got back to us."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The site is used to publish more than 70 million posts a day and reportedly hosts nearly 71 million blogs.
In a blog post, a Tumblr spokesperson said the firm had moved quickly to resolve the issue.
"We quickly identified the source, removed the posts, and restored service to normal," the post stated.
"No accounts have been compromised, and you don't need to take any further action."
In a further post on the Naked Security blog, Graham Cluley, senior technology consultant at security software vendor Sophos, was able to shed some light on how the attack was carried out.
"The worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages," wrote Cluley.
"Each affected post had some malicious code embedded inside them...If your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr," he added.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
96% of SMBs are missing critical cybersecurity skills – here's why
News The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
By George Fitzmaurice Published
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualized
Reviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
By Dave Mitchell Published
-
MSPs are struggling with cyber security skills shortages
News A shortage of tools and difficulties keeping pace with solutions were also ranked as key issues for MSPs
By George Fitzmaurice Published
-
Nearly 70 software vendors sign up to CISA’s cyber resilience program
News Major software manufacturers pledge to a voluntary framework aimed at boosting cyber resilience of customers across the US
By Solomon Klappholz Published
-
Sophos and Tenable team up to launch new managed risk service
News The new fully managed service aims to help organizations manage and protect external attack surfaces
By Daniel Todd Published
-
Ransomware groups are using media coverage to coerce victims into paying
News Threat actors are starting to see the benefits of a more sophisticated media strategy for extracting ransoms
By Solomon Klappholz Published
-
Shrinking cyber attack “dwell times” highlight growing war of attrition with threat actors
News While teams are becoming more proficient at detecting threats, attackers are augmenting their strategies
By Ross Kelly Published
-
Cyber security in the retail sector
Whitepapers Retailers need to ensure their business operations and internal data aren't breached
By ITPro Published