Tumblr worm hitting websites, posting identical message from GNAA

Graham Cluley

There appears to be a worm impacting many Tumblr websites, defacing pages with an identical message.

Hacked Tumblr webpage

The message was posted alongside an image of a man and the logo of a group called the “GNAA”.

The “GNAA”, the Gay N***** Association of America, is an association of internet trolls that seems to have a particular delight in winding up bloggers with racist posts.


At the time of writing, Tumblr does not appear to have said anything about the problem. However, many Tumblr users have turned to other social media outlets to share their concerns that they have been hit by a worm.

For instance, news website The Verge told its readers that its Tumblr had fallen victim to the hack:

The hack is still being investigated, and we’ll update this article as we find out more. In the meantime, however, we would recommend that internet users do not visit Tumblr sites – in particular if they run their own Tumblr page and are logged into the site, as this is a possible method through which the attack could be spread.

Of course, Tumblr isn’t the first social media site to be hit by a fast-spreading worm. For instance, a couple of years ago Twitter was widely hit by a worm that exploited a cross-site scripting (XSS) vulnerability.

See also: How the Tumblr worm spread so quickly

Update: Tumblr has now issued a statement about the security problem:

When I tried to post to Tumblr from a test account I was presented with the following message, which may indicate that Tumblr has temporarily disabled posting to prevent the worm from spreading further:

Tumblr stops new posts

Further update: Tumblr says that it has now resolved the issue:

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
