After security woes, Tumblr alternative Pillowfort promises relaunch

Users found 'old school' exploits after the site's debut.


Ana Valens

Published Mar 23, 2021   Updated Mar 23, 2021, 1:15 pm CDT

Pillowfort, the NSFW-friendly Tumblr social media alternative, is set to return in April. The social media network announced the news on Friday after a turbulent winter launch.

A message on the Pillowfort website explains that the site, which initially launched its free public registrations on Jan. 25, had “some security-related issues” that required the site to be pulled offline for a full overview and investigation.

Pillowfort is onboarding a security consultant for a sitewide evaluation at the end of March, the site notes, and now projects a relaunch “sometime before the end of April 2021.” The social media network initially planned for an end-of-March reopening.

“Meanwhile, our developers are using the downtime to complete a thorough assessment of Pillowfort and finish systemic improvements of our site’s security & permission checks from the top down to strengthen our platform in the long term, and to ensure such issues do not occur again,” the site’s message says.

Pillowfort’s January launch was marked by a series of bugs that allowed HTML-based exploits against users, or cross-site scripting (XSS) attacks, Vice reports. This included an HTML injection that would sign users out through an image load request, sparking fears that malicious users could implement scripts to steal user data.

These exploits raised concerns for Pillowfort’s target demographic, which includes ex-Tumblr users, adult content creators, and sex workers. Sex workers, in particular, may be at serious risk if a security flaw or exploit leads to a personal data leak.

In a Q&A posted on Twitter on March 19, Pillowfort said its team restructured “certain parts of Pillowfort’s coding, as well as our development process itself” to make sure the previous vulnerabilities “will not arise again.”

“While completing this process is lengthy & inconvenient to our current user base due in part to limited resources & staffing, we are confident the end result of our new audit & site restructure benefits Pillowfort’s long-term longevity,” Pillowfort tweeted.

The Daily Dot reached out to Pillowfort for comment.

First Published: Mar 23, 2021, 12:56 pm CDT