Anti - Phishing on Tumblr


I fell for this a couple of days ago, but my tumblr hasn't changed. After seeing what I had done I changed my password, should my tumblr be safe now?


Yes, absolutely change your password and if you reused the same password elsewhere change it too.

Each time we got the phisher’s hosting shut down the file where login info was posted reset when the site reappeared.

It’s possible that some of these shut downs caused data to get lost and therefore keep some people from getting their accounts compromised. But we do not know if the phisher or anyone else was backing up that file somewhere, so it is very possible the information is floating around somewhere and might be used later.

What does somebody want with that many Tumblr logins? We can only guess. The stolen accounts could be used as some form of advert affiliate money making scam, or maybe we could see lots of pages with survey popups pasted over them. There is the very real possibility that the Tumblr accounts are simply a way to test if those users are logging into other services with the same credentials - at that point, everything from email accounts to internet banking sites could be fair game.

At time of writing, all three .com URLs are not resolving, although whack-a-mole has been taking place with these sites for a few days now. They could well return at some point (indeed, one of the free webhost phish pages is still alive despite countless reports to the host) and Tumblr users would do well to verse themselves in the art of phishing scams, and fast. These issues make the recent messaging spamrun on Tumblr look like a very small drop in the ocean at this point.

- GFI LABS Blog: Thousands of Tumblr Logins Stolen in Phishing Attack

do you know if all the sites are down now? is it over?


All the sites I am aware of have been down for over 12 hours. It may be over. :)

I’ll keep you folks updated if I hear of any others that are up. If anyone sees another one, please let me know.

press release, good one.

redirects that I check repeatedly.

All the engineers really had to do is contact the short url providers, (like is. gd) and tell them to change where the link went... Little bit of htacess work, no big deal...

So this is just a temporary fix then, because the phisher will make new short urls.

All of the redirects go back to the dashboard now.
Tumblr's engineers had that working hit or miss yesterday, it seems consistent today.

Thanks! Do you have a source for a press release or anything on this?

Hey bro, can you check on this new format? dreamydream(dot)tumblr I clicked on it and it just redirected back to the tumblr dashboard. I hope I have not been compromised. But I think I will stop viewing new followers blogs during this period.

This is not the first that I have seen of this format. The fix works the same for this type. I am not sure though what the goal is with this type or if maybe it is an error on the phishers part.

You hit CAPS Lock, didn't you?: Tumblr Scam Running Rampant, Please Help Stop It!

A good visual explanation of the phishing attacks, including how to block accounts.


New phishing scam is on the loose in the tumblr community… let’s help stop it.


I have been seeing a disturbing trend lately involving fraud and phishing scams with people following me and I want everyone else to be vigilant about this. You may ask,

“Why do I need to worry if I never go on…

Help, don’t blame

I’ve seen a lot of posts with people warning individuals about certain usernames that redirect to phishing sites.

While the sentiment is probably pure, this is not the most effective strategy.

These accounts were real accounts, not fake ones makes by the phisher. These are the accounts of people who fell for the phishing scam.

We’ve seen that when people know how to fix their account it is actually very very easy to recover their page. So your warning may be warning about someone whose account will be fine shortly. Furthermore, the number of hijacked accounts is massive and constantly fluctuating. Creating a list of all hijacked accounts is not an efficient use of time.

Instead here is my suggestion for how to help. This method is something anyone can do even if you are not tech savy.

Whenever you are followed by a phishing account: Reach out to the original owner of the account. 

Many people use the same username in multiple places. See if you can find them on another social media platform.

Also using the google cache you can try to access their ask box in the cache and send a message. The cache will show the account as it appeared before the takeover. Also their cached version of their page may give clues for how to contact them.

For every person you help get their page restored you also help cut back on the chances of others falling for the phishing scam.

Hi all,

Hope you slept well and did not have bad dreams about being chased by fishies.

I finally was able to speak to the folks at the phisher’s domain registrar. Their support person was not helpful and just referred me to their legal team who is apparently only contactable by email (

The support person said 24-48 hours for a response. I am very skeptical that this route will help with anything, but we will see.

Also, just to add to my last post. Yes it is safe just to view the phishing page as long as you don’t enter your info. True it’s better safe than sorry, because it is always possible things could change. However I’ve seen a lot of posts from people saying they’re scared to use tumblr right now and scared to look at new followers pages. The purpose of this information is to let people know that they can use tumblr still as always, they just need to be cautious about where they enter their password.

Thought you might be interested to know that archives of compromised blogs don't redirect! I'm not even sure if that helps. haha


Yes, this has been pointed out earlier  It’s a very useful bit of info.