Security Blog

Tumblr Microblogging Service Hit by Phishing Attack


Popular microblogging service Tumblr has been hit with a “rather aggressive phish attack” over the past few days, according to GFI Labs security researchers Christopher Boyd and Jovi Umawing. Legitimate Tumblr users are being asked for their login information – in this case the phish seems to promise access to adult content – and the user unknowingly enters their Tumblr login and password information.




GFI Labs mentions that Tumblr now has an automated email service to reply to phishing reports, and a number of Tumblr users have taken matters into their own hands by creating Tumblr sites dedicated to doling out anti-phishing tips and advice.

Basic anti-phishing best practices still apply with this recent spate of Tumblr attacks, such as:

  • Launch a new browser window when visiting sites that require you to supply login information.
  • Never follow suspicious links in emails.
  • Use services like Qualys BrowserCheck to make sure your web browser is updated.
  • Always create and use a sufficiently complex login password.
  • Install and monitor email spam filters that can catch email-borne phishing attempts.

Are you a Tumblr user? If so, does this news make you think twice about hosting a blog with this service? Feel free to add a comment to this blog post or start up a discussion on Twitter.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content:

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.