A number of Tumblr accounts were hacked Dec. 3, courtesy of the GNAA, an anti-blogging Internet-trolling organization with a reputation for racist rants.

The group created a worm that let loose a stream of racist, offensive and profane spam into users’ dashboards.

The post started off with “Dearest ‘Tumblr’ users” before launching into a vulgar rant aimed at “emo” users.

“This is in response to the seemingly pandemic growth and world-wide propagation of the most f—ing worthless, contrived, bourgeoisie, self-congratulating and decadent bulls–t the Internt ever had the fortune of facilitating.”

Aside from the racist ramblings, the hacker’s post also suggests the account owners “drink bleach and die.”

The group was able to hack the site due to a Javascript code that enables Tumblr’s users to repost other users’ blogs, according to CNN. The group used this feature to automatically repost its on own rantings on the Tumblr blog of anyone who clicked on it.

According to BuzzFeed, the first major blog affected was that of The Daily Dot, a news site that focuses on Web communities. From there, the spam was dispersed to nearly 9,000 other blogs. Also hit by the cyber worm were the Tumblr accounts of USA Today, The Verge and Entertainment Weekly. The hacker’s posts were signed by the GNAA.

A GNAA press release, indicated the target of the worm was the Tumblr Brony tag, a meeting place for fans of My Little Pony Friendship Is Magic.

“GNAA operatives are in the middle of plotting of a long ‘brony-removal drive’,” said GNAA interim vice-president Meepsheep, “which will include DMCA drives en masse of both YouTube and Twitter.”

GNAA Interim President Leon Kaiser, in an e-mail to a number of news sites, said the effort was part of the organization’s “anti-blogging” campaign. He said the group takes a dim view of blogging in general.

“In short, blogging is lowering journalistic standards to the point where the number of friends a murderer has on Facebook has become news,” he wrote in an e-mailed statement.

“Tumblr is a blogging website whose employees we have found, time and time again, to put the safety of their users second to their revenue. Instead of hiring competent, dedicated staff, they hire part-time programmers who can’t even defend against the most basic of security issues, such as XSS.”

A GNAA spokesperson told Gawker the group had contacted Tumblr about a security issue “weeks ago and nothing came of it. This was a serious issue that needed to be fixed.”

Tumblr announced on Twitter it had  “resolved issue of the viral post attack” by about 1:30 p.m. EST.


Tags: , , , , , , , , , , , , , , , , , , ,