Jun 28, 2011 09:58 GMT

Security researchers warn about new phishing attacks targeting Tumblr users that have already compromised thousands of accounts.

Users are lured with messages promising them adult content; however, when they click on the advertised links, they are redirected to fake Tumblr login pages that read "This page contains adult content. Please revalidate your credentials."

What is interesting about the attack is that the rogue pages are hosted on the actual Tumblr accounts that get compromised, abusing a feature of the microblogging platform.

The scams have become so widespread that Tumblr has created an automated reply for people reporting them. Security researchers from GFI Labs stumbled on a single cache that had 8,200 stolen credentials.

The automated reply sent by Tumblr's support team advises users to change their passwords on the platform, as well as on any other website where they might have used it.

People who got their layouts modified to display fake login dialogs are instructed to visit a settings page which allows them to disable support for custom HTML and choose a new theme.

Users affected by such scams should also check if they were forced to follow rogue blogs and remove them. The option of deleting and recreating the account is also available, but it should only be used in extreme circumstances, as it will lead to the loss of all previous data.

"What does somebody want with that many Tumblr logins? We can only guess. The stolen accounts could be used as some form of advert affiliate money making scam, or maybe we could see lots of pages with survey popups pasted over them," the GFI researchers note.

"There is the very real possibility that the Tumblr accounts are simply a way to test if those users are logging into other services with the same credentials - at that point, everything from email accounts to internet banking sites could be fair game," they add.