Hackers Target Tumblr and Instagram! 3 Ways to Keep Your Photos Safe

We all have that one friend on Facebook or Twitter that constantly complains about life, listing problems large and small with equal fervor.   The worst part is that these status updates are often accompanied by photos.  It’s as if words aren’t enough.  Good thing you can just mute their posts, or better yet, delete and block them.  But not everyone is so tolerant.  Some hackers are going to the extreme, unleashing malware with a message.

Tumblr attack infects major blogs

There’s a viral post spreading on Tumblr infecting thousands of accounts, including those from prominent blogs such as Reuters, CNET, and The Verge.  According to reports, there are already 8,600 unique Tumblr accounts infected, and the number appears to be rising.

The viral post, which starts with “Dear ‘Tumblr’ users,” was unleashed by the notorious troll group Gay Nigger Association of America (GNAA) who made it clear that their sole purpose is to stop people from blogging or posting nonsense photos.

Tumblr is aware of the problem, warning users that if they have encountered the above post, they should quickly logout of their Tumblr account and close all browsers that might be using Tumblr.  Usually, browsers warn users if a site they are visiting holds unsafe content and will ask if they are sure that they want to visit the site.  If the warning is ignored, you can rest assured that you’ll be infected.


Instagram attack for iPhone users

Security researcher Carlos Reventlov notified Instagram on November 11, 2012 that version 3.1.2 of their iPhone app released last October has a vulnerability that could allow hackers take over a user’s Instagram account.

Reventlov discovered that, though log-in and editing profile data were encrypted, other data are being sent in plain text.  The plain-text-cookie can then be intercepted as long as the hacker is on the same LAN as the victim.  When the hacker gets hold of the cookies, he now has access to a user’s photos, able to delete or download them.

“When the victim starts the Instagram app, a plain-text cookie is sent to the Instagram server,” Reventlov wrote. “Once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos.”

Secunia, a Danish security company has verified Reventlov’s claims and issued an advisory.  Instagram nor it’s parent company Facebook have yet to comment on the issue or release a fix.

3 Ways to Stay Safe!

There will always be threats in the world, online or physical.  So it’s always smart to be a step ahead of the attackers.  Here are three basic tips to keep your online accounts safe:

Keep passwords locked in your head, or at least somewhere no one can get it and use it to access your account.  Also, it would be best if you change passwords every 3-6 months, just to be sure.

Do not click on shady links.  If you don’t know what that link is for, or if you’re not sure if your friend really did recommend that link, do not click on it.  You can usually tell if a link is questionable when you hover your cursor on it and it shows you a different link than what is sent to you.

Get an antivirus service.  Don’t tell me that antivirus are just for PCs.  Your mobile devices are not only computing devices, but also just as susceptible and need some form of protection.  An added bonus: antivirus services will also warn you if you’re about to visit an unsafe site or download an unsafe app, warning you to stay away.