11 thoughts on “Pinterest comes under spam attack”

  1. Until this article, I had not heard of this Pinterest. Penalties for this type of abuse need to be much more severe.

  2. It didn’t replace pictures. It added pictures without your consent. It also liked posts and started following people without your consent. You can undo all that by deleting, but it seems fairly insecure.

  3. That “hot little company” Pinterest, is harming photographers and their businesses through Terms of Service that allow the company to use images, without payment to photographers…. Most users don’t even know it.

  4. Very unfortunate and unfortunately all too common. It was probably a cross site scripting (xss) attack. These attacks are very difficult to prevent and many big websites including Nytimes.com and Symantec.com have been hit by xss exploits and man-in-the-middle attacks.

  5. This attack was a persistent cross-site scripting attack using an unsanitized iframe in the description textarea. The iframe loaded Javascript from an overseas site and posted back like+follow to Pinterest. It also hid the ‘report this pin’ and ‘edit’ buttons from the UI.

    I happened to be on Pinterest at the time and captured data, screenshots, and the exploit code.

Leave a Reply to Rick Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.