Tumblr Hack: 4 Security Reminders For SMBs


The ease and speed with which anyone with anyone can create a website these days can be a great thing, especially for smaller businesses short on resources or technical know-how. Unfortunately, those same benefits double as security risks.

That was on display Monday when the online troll group GNAA compromised the popular blogging platform Tumblr. Several thousand affected sites were taken over by a page that, to put it mildly, was not safe for work. Tumblr acknowledged the breach on Twitter. It announced later in the day that the problem, which Tumblr said affected “a few thousand” accounts, had been resolved.

“We quickly identified the source, removed the posts, and restored service to normal,” the company said on its own Tumblr blog. “No accounts have been compromised, and you don’t need to take any further action.”

[ Cybercrooks don’t necessarily just follow the money.
Read more atHow
Cybercriminals Choose Their Targets
. ]

The security firm Sophos attributed the breach to a fast-spreading worm. Any Tumblr users who visited an infected site while logged in immediately and unknowingly re-blogged the worm. In essence, the worm made use of one of the features that has made Tumblr a hit: the ease with which users can share and re-share content.

That’s among the reasons Tumblr makes an attractive target for hackers, trolls, and the like: Plenty of people — to the tune of 170 million — love it. That also means plenty of SMBs use it for marketing, customer service, microsites, or even as a full-blown Web presence. The same can be said of other low-cost, easy-to-use publishing platforms such as WordPress, Blogger, and others.

Whether you use Tumblr or not, here are four timely website security reminders.

1. Check your code.

Most website security problems start with the underlying source code. That appears to be the case in Monday’s breach, according to Sophos’ technical breakdown of the Tumblr worm. Code vulnerabilities can lead to malware, SQL injections, and other security exploits. Whether you write your own code, use someone else’s, or manage a combination of both, don’t simply trust that it’s all safe and secure.

Give your code a regular checkup. Start with your Internet service provider or website host; ask what vulnerability testing and monitoring services they provide. It’s possible such services are included as part of your existing agreement. If not, there are loads of security vendors out there who would be glad to take care of this for you, often in automated behind-the scenes fashion


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: