Hacker News
[dead]
on Dec 3, 2012


I have seen this style of "account virus" post on Tumblr for months now. I have seen this exact post quite a few times in the past week. It's just like you see on Twitter or Facebook with people who get their accounts compromised and it auto-posts spam.

You just need to change your password and/or see what apps have access ( https://www.tumblr.com/settings/applications ). Maybe clear your browser cookie/cache/etc. to be safe, as well. That's how my friend got rid of that auto-post junk of her Tumblr account.


More info http://www.theverge.com/2012/12/3/3722112/tumblr-hack-gnaa

Tumblr are suggesting you log out/clear cookies if you visited any of the hacked sites.

> There is a viral post circulating on Tumblr which begins "Dearest 'Tumblr' users". If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.


Well, they deleted the post. Let's see if they really remove all Tumblr posts or if it was a sad little bluff (I hope the latter).


Doesn't look like it. I checked some other Tumblr pages and they're ok. It's only this "theverge" Tumblr page.


XSS worm


How does it work?


This is a guess:

User opens up their dashboard, which displays a post that contains the XSS.

That script then makes a post using the user's account to their own blog, further spreading the rogue script.
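
Added example, not part of the thread and not Tumblr's code: if the guess above is right, the chain starts when a stored post body is echoed into the dashboard as live markup, so the code below shows a renderer that breaks that step and compares it with verbatim output. The function names, the tag allowlist and the sample feed are assumptions constructed for illustration.

```javascript
// Attribute-less formatting tags a post body may keep (assumed allowlist).
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br', 'blockquote'];
const ALLOWED_ALT = ALLOWED_TAGS.join('|');

// Encode every character that can open markup or break out of an attribute.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hardened renderer: escape the whole body, then restore only exact,
// attribute-less allowlisted tags. Everything else stays inert text.
function renderPostBody(body) {
  const escapedTag = new RegExp(`&lt;(/?)(${ALLOWED_ALT})&gt;`, 'gi');
  return escapeHtml(body).replace(escapedTag, (_m, slash, tag) => `<${slash}${tag.toLowerCase()}>`);
}

// Demo check: true if the HTML holds any tag that is not an exact allowlisted one.
function containsActiveMarkup(html) {
  const exactAllowed = new RegExp(`^</?(${ALLOWED_ALT})>$`, 'i');
  const tags = html.match(/<\/?[a-z][a-z0-9]*\b[^>]*>/gi) || [];
  return tags.some((tag) => !exactAllowed.test(tag));
}

// Constructed dashboard feed; the second body is an inert stand-in for a hostile post.
const SAMPLE_FEED = [
  { author: 'alice', body: '<b>New photos</b> from the weekend' },
  { author: 'mallory', body: '<script>/* placeholder */</script><img src="x" onerror="void 0">' },
];

// Compare echoing stored bodies verbatim with the hardened renderer.
function auditFeed(feed) {
  return feed.map((post) => ({
    author: post.author,
    rawIsActive: containsActiveMarkup(post.body),
    hardenedIsActive: containsActiveMarkup(renderPostBody(post.body)),
  }));
}

console.log(auditFeed(SAMPLE_FEED));
```

Escaping first and restoring only exact tag tokens means attributes such as event handlers never survive, even on an allowlisted tag name.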



