"Thousands" of Tumblr logins have reportedly been compromised after a widespread phishing attack scammed users into handing their information over to an untrustworthy third party.
According to a post from GFI Labs, a part of software vendor GFI Software, the attack started with a site, designed to look like an official Tumblr page, that offered people the chance to take a "Tumblr IQ Society" quiz if they entered their login credentials. The scam has evolved, and now uses the promise of pornography to get at people's information, directing people to a landing page that reads, "This page contains adult content. Please revalidate your credentials."
"The problem does indeed seem to be out of control at this point," wrote GFI Labs in a blog post, noting that the scammers have successfully grown the scale of the attack by taking over the compromised accounts and using them gain access to even more logins.
Tumblr did not immediately respond to a request for comment on the matter.
Users can find out more about phishing scams affecting Tumblr on Phishing-Alert.Tumblr.com. An email allegedly from Tumblr, obtained by GFI Labs, outlines additional advice Tumblr has for users who have been affected by the scam. The email advises these users to immediately change their passwords and has instructions for how to change the appearance of their page.
Were you affected by the phishing scam? Let us know in the comments below.