Article Lead Image

Trolls hack Tumblr: “Never expected it to get this big”

A Tumblr post infected with a worm has spreading like wildfire, making many users' dashboards entirely unusable. 


Kevin Morris


Posted on Dec 3, 2012   Updated on Jun 2, 2021, 6:17 am CDT

Tumblr just got taken to its knees by a blockbuster hack. If you see something on your dashboard about emo kids and suicide and bleach, don’t click it. And avoid at all costs anything you see sourced to the Gay Ni**er Association of America (GNAA).

The group discovered a way to to self-propagate posts on the massive social blogging network. Just a few hours after going live early Monday morning, the hack had infected more than 6,000 blogs (including, briefly, ours), according to a GNAA member identifying himself as “Leon Kaiser,” the group’s “head of public relations.”

“The guy who found the bug messaged me about six hours ago, and we went live just under three hours ago,” Kaiser said. “We started with one post on a brand new Tumblr blog, I sent the link to a few people, and it went from there.

“Well, it looks like we’ve reached nearly 6,000 unique users affected. … Never expected it to get this big.”

The post—an angry rant against Tumblr users—is pure trolling clickbait. Buried in the post is a worm, and clicking it allows the post to propagate to your Tumblr blog, too. Repeat enough times and you have a near Tumblr apocalypse.

But don’t fear! It’s easy enough to clear your dashboard of the infection. Despite what the message claims, go ahead and delete the posts. Nothing will happen. Your Tumblr won’t disappear. We deleted the post at our Tumblr, and everything’s back to normal.

If your account has been hit with a large number of the spam posts, some Tumblr users are recommending using the Tumblr-centric browser extension Missing E to delete them all at once.

GNAA—which boasts hacking group Goatse Security as a subsidiary and whose former head is legendary troll/hacker weev—has launched multiple high-profile hoaxes in the past, including one this November, when they exposed racial biases in the media by posting obviously fake, racially charged tweets about looting in the aftermath of Hurricane Sandy.

In a mass message to its users, Tumblr has claimed it’s working to solve the problem.

“There is a viral post circulating on Tumblr which begins ‘Dearest ‘Tumblr’ users’. If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.”

Update: In an interview with Gawker’s Adrian Chen, a GNAA associate claims Tumblr knew about the exploit well in advance: “We contacted Tumblr about this weeks ago and nothing came of it. This was a serious issue that needed to be fixed. Someone would have done a lot worse than just posting a message over and over if they didn’t fix it right away.”

At 1:21pm ET, the Daily Dot was informed that “Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today.” 

Illustration via Mr. GIF/Imgur

Share this article
*First Published: Dec 3, 2012, 1:40 pm CST