Phishing attack nets Tumblr logins

Users of the microblogging site are being warned not to fall prey to phishing scam.

This is a screenshot of a phishing page that is stealing Tumblr users' login credentials.
This is a screenshot of a phishing page that is stealing Tumblr users' login credentials. GFI Labs

For the past few days users of microblogging site Tumblr have been targeted with phishing scams that require people to type in their login credentials to see adult content, GFI Labs warned today.

"The data we saw contained 8,200 lines of text stretched across 304 pages of Microsoft Word, and even accounting for the inevitable duplicates and fake data that's still quite the goldmine of pilfered login credentials," the post says.

The attack displays pages of Tumblr users whose accounts have been compromised and converted into fake login pages and the Web addresses are redistributed, the post says, adding that some of the compromised accounts were prompting people to login on that same page while others were redirecting people to a different Web site.

The problem has become so pervasive that Tumblr users set up anti-phishing sites to help prevent others from being duped, according to GFI Labs. Several domains that were used in the scam are now inaccessible, the company said.

GFI Labs speculated that the stolen accounts might be harvested for use in some advertising affiliate scam or they could be tested to see if people have used the same credentials on other sites.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Delete your photos by mistake?

Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.