In an update, Tumblr issued a statement noting that "a few" thousand accounts were affected by the spam post. Tumblr apologized for the inconvenience and said that no accounts had been compromised. "We quickly identified the source, removed the posts, and restored service to normal," the company said.
As reported on Dark Reading, David Marcus, director of advanced research and threat intelligence for McAfee, noted that the Tumblr attack showed the dangers of staying logged into an online service. He recommended that users log out of Tumblr and restart their web browsers to eradicate any residue code on their systems.
- check out this article at Dark Reading