Help! My Tumblr Account May Have Been Hacked!

by: Omri Toppol Mar 30,2016

Think your Tumblr account has been hacked? If you still have access to it, here’s what you need to do right away. (And if you don’t have access to your account anymore, skip to here.)

1. If your Tumblr was hacked, there’s a good chance your email was too.

Start by checking if your email account has been hacked - because most hacks start within your email.

Do it using this free tool to find and help you remove exposed passwords, credit cards, bank and social security numbers in your email account, and keeping you safe.

The tool will keep you safe by removing any and all private data putting you at risk for credit card and identity theft. So if hackers hack your inbox, they won’t find what they’re looking for, and you’ll be protected.

You can also notify friends who sent or received the risky email, and ask them to delete the thread. Once you’ve managed your email, you can now deal with your Tumblr account.

2. Check active sessions

Go to the Tumblr account settings and check which devices are currently logged into your account.

If you see any unfamiliar devices logged in or any unfamiliar locations, click the X on the right side of that piece of session information.

This does not mean your account is safe – a hacker can still use your credentials to log back into your account. What this can do is stop any illegal activity for the moment.

3. Verify that your email has not been changed

One of the first things a hacker will do to your Tumblr account is change the email address linked to the account.

Once this happen, Tumblr won’t be able to send you any emails to reset your password or to help take charge of your account.

To verify that your email has not been changed, go to the account settings of the associated email account.

Remember, hackers usually change the email address to something similar to yours, so pay close attention to see if yours has been changed.

If the email address has been changed, click on the pencil icon and switch it back to yours, or better yet, to a more secure email account that hasn’t been compromised.

You will need to provide your password for the change to take place.

4. Go over apps permissions

Scan the current list of apps that you’ve given permission to access your account via the apps page.

If you see unfamiliar apps that are attached to your account, click “Revoke Access” next to each of them to remove these privileges.

5. Change your password

On the account settings page, click the pencil icon on the right side of the “Password” row.

Change your password to something more complex, using lowercase letters, uppercase letters, and digits.

Throw in some special characters like a hash tag or exclamation point, and make sure it is at least 8 characters long.

Simple dictionary words are easy to guess, so avoid these too.

If you spotted suspicious-looking activity before changing the password (as in #1 above), refresh the page and make sure that the hackers were unable to log in again while you were changing your password.

Also make sure that any apps you revoked permission to (as in #3 above) no longer appear on your permitted list.

6. Reset posting permissions

On the right hand pane of the account settings, click on your blog’s name.

Scroll to “Post by Email” and click on “Reset Address.” This stops hackers from posting to your account after you’ve taken all the steps above.

7. Check your other accounts

Attackers will take advantage of people who reuse passwords to access other accounts from the same person.

If you’re reusing your password in other websites (like Gmail or iCloud, for example), change the passwords on these sites immediately.

Make sure you can still log into these services, and use this free tool to check if your password was exposed in your emails.

8. Run an antivirus on your computer

Hackers use malware like Trojan horses to steal passwords off of your computer.

If your machine is infected, changing the password will not help because the malware will just grab the new password and send it to the hacker.

Run a scan of your computer to see if it’s been infected.

9.Check your activity

After you’ve done everything you can to kick out any unwanted visitors, and are sure that they no longer have access to your account, go over your recent activity and blog posts.

Spammers usually hack into a Tumblr account to mass spam a large group of people.

Using legitimate accounts with existing followers is much faster and easier than starting a new blog from scratch.

Make sure the hacker didn’t put up any unfavorable posts on your behalf. Spam links can be dangerous and lead users to illegal, malicious, or malware sites.

What Should You Do if You’re Locked Out?

If you’ve been locked out of your account and you think a hacker might be behind this, follow these steps now:

1. Check your other accounts

Make sure that you still have access to the email account linked to your Tumblr account.

If you’re using the same password, change it immediately, and do the same thing on any other online account that uses the same password as your Tumblr account.

If you’re locked out of your email account, try to recover it.

Check out our guides for Gmail and Yahoo for instructions on how to do this.

2.Reset your password

Go here to reset your password. Once you have access to your account again, go back to the top section of this guide and follow those instructions to reclaim your account.

If you are unable to reset your password for whatever reason, contact Tumblr Support.

3. Finally, get LogDog

Download LogDog. It’s a mobile Intrusion Detection System that monitors your online accounts, including Gmail, Twitter, Facebook, and many others.

It will send you an alert the instant something suspicious is detected so you can take action right away and stop the intruder in their tracks.

The service can be used across all devices and OS’s, so you’re always being protected. Here’s the Android and iOS links for you to check out

Keep hackers out of your accounts the easy way and prevent a lot of heartache with a single app.

Written by  Omri Toppol

Omri is LogDog's marketing guy. He is passionate about technology, digital marketing and helping online users to stay safe and secure