Pinterest comes under spam attack

11 thoughts on “Pinterest comes under spam attack”

  1. It didn’t replace pictures. It added pictures without your consent. It also liked posts and started following people without your consent. You can undo all that by deleting, but it seems fairly insecure.

  2. That “hot little company” Pinterest is harming photographers and their businesses through Terms of Service that allow the company to use images without payment to photographers…. Most users don’t even know it.

  3. Very unfortunate and unfortunately all too common. It was probably a cross-site scripting (XSS) attack. These attacks are very difficult to prevent and many big websites including Nytimes.com and Symantec.com have been hit by XSS exploits and man-in-the-middle attacks.

  4. This attack was a persistent cross-site scripting attack using an unsanitized iframe in the description textarea. The iframe loaded JavaScript from an overseas site and posted back like+follow to Pinterest. It also hid the ‘report this pin’ and ‘edit’ buttons from the UI.

    I happened to be on Pinterest at the time and captured data, screenshots, and the exploit code.
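
The persistent XSS described in comment 4, seen from the defending side, as an added example that is not part of the original post or its comments: a description rendered with and without output encoding, plus a scan that finds stored descriptions carrying active markup. The function names and the sample descriptions are constructed for illustration.

```javascript
// Added example. All names and sample data below are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out into HTML markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The "before": the stored description is concatenated into the page as-is,
// so any tag a user typed into the textarea becomes live markup for every viewer.
function renderPinUnsafe(description) {
  return '<p class="description">' + description + '</p>';
}

// The "after": the description is encoded at output time and displays as text.
function renderPinSafe(description) {
  return '<p class="description">' + escapeHtml(description) + '</p>';
}

// Cleanup aid: flag stored descriptions that contain markup able to load or
// run active content, so affected records can be found and reviewed.
function findActiveMarkup(description) {
  const findings = [];
  const tagRe = /<\s*(iframe|script|object|embed|frame|svg|link|meta|base|style)\b/gi;
  let match;
  while ((match = tagRe.exec(description)) !== null) {
    findings.push('tag:' + match[1].toLowerCase());
  }
  if (/\son\w+\s*=/i.test(description)) findings.push('event-handler-attribute');
  if (/javascript\s*:/i.test(description)) findings.push('javascript-url');
  return findings;
}

// Constructed stored descriptions: one with an embedded frame, one benign.
const storedDescriptions = [
  'Great recipe! <iframe src="https://example.invalid/x" width="0" height="0"></iframe>',
  'Tomato soup & bread, ready in 5 < 10 minutes',
];

for (const description of storedDescriptions) {
  console.log(findActiveMarkup(description), renderPinSafe(description));
}
```

Encoding at output time is what keeps the frame from being created; the scan only helps locate records that were stored before the fix.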
