For the past week we’ve started seeing a lot more tumblr scams, free tickets, best buy, coffee. They all have the “Tumblr. Staff Blog” title to masquerade as legitimate deals, but they link you to advertisements and probably expose you to security exploits.
I have a few recommendations:
- Avoid clicking shortened links.
- Don’t put your Tumblr email and password anywhere. If the website or app is using oAuth or xAuth it should be okay. Unlike many other iPad Tumblr Apps we’ve implemented xAuth into Ripplr from the beginning.
- If you’re logging into Tumblr, make sure there’s a signed certificate. This is represented by a little padlock or a nice green block near the address bar, depending on your web browser. Click it to make sure.
- For the extra paranoid, change your passwords!
If your account has been hacked, check out this page http://www.tumblr.com/docs/en/email_address Its the official account recovery website.
Don’t forget to reblog this to your followers to promote the security of their blogs.