Phishers Steal Thousands of Tumblr Logins

Users are being redirected to fake login pages

Another day, another major hacking scandal. This time, microblogging service Tumblr is the victim.

Over the past few days, an aggressive phishing attack has targeted Tumblr users, using fake login pages that promise to show users “adult content” if they revalidate their account credentials. According to GFI Labs Blog, the pages involved are all Tumblr users who have previously been compromised. Once their accounts are hacked, their Tumblr homepages are redirected to the fake sites. Three domains are known to be involved in the scam: tumblriq(dot)com, tumblrlogin(dot)com, and tumblrsecurity(dot)com.

The problem has gotten so bad that Tumblr users are setting up anti-phishing sites, and Tumblr itself has been sending out auto-reply emails to address the problem and give instructions on how to avoid and eliminate the fake pages.

On one drop zone for the stolen logins, GFI found a “gold mine of pilfered login credentials”—8,200 lines of text stretched across 304 pages of a Microsoft Word document. As for what the hackers are planning to do with this information, GFI says that “the stolen accounts could be used as some form of advert affiliate moneymaking scam, or maybe we could see lots of pages with survey pop-ups pasted over them.”

At worst, the phishers could be testing whether Tumblr users are logging into other websites with the same credentials—giving them access to everything from email accounts to Internet banking sites.