Pinterest comes under spam attack


Now that social curation site Pinterest has become the hot new social thing, with loads of traffic and a highly addicted community, it seems to be time for spammers to take advantage of its traffic and intense virality.

Earlier this evening, some kind of spam exploit injected JavaScript code that started replacing many Pinterest photos with ads for Best Buy. (See photo.) The actions resulted in disgruntled users blaming Pinterest. A recent study claimed that Pinterest was referring more traffic on the web.

Pinterest is now driving more referral traffic on the web than Google+, YouTube, Reddit, and LinkedIn — combined. That’s according to Shareaholic’s January 2012 referral traffic report, which is based on aggregated data from more than 200,000 publishers that reach more than 260 million unique monthly visitors each month.

In the era of social, what is amazing is how quickly spam attacks can spread and have an impact. I sincerely hope Pinterest has brought this under control. I, for one, am rooting for that hot little company.

Update: Pinterest co-founder/CEO Ben Silbermann emailed with this statement: “We had an opportunity to identify the problem and put in a fix a couple hours after a user reported it to us. We are keeping a close eye on it this weekend.”


Robert Brown

This attack was a persistent cross-site scripting attack using an unsanitized iframe in the description textarea. The iframe loaded JavaScript from an overseas site and posted back like+follow to Pinterest. It also hid the ‘report this pin’ and ‘edit’ buttons from the UI.

I happened to be on Pinterest at the time and captured data, screenshots, and the exploit code.
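Editor's added example, not code from Pinterest or from the commenter above: the comment describes markup stored in a description field and rendered back to other users, so this sketch shows that rendering pattern beside an output-encoded version, plus a scan for descriptions that were stored before a fix. All function names, the sample records and the placeholder host are constructed for illustration.

```javascript
// Characters that can open a tag, an attribute value or an entity.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode user-supplied text so the browser treats it as text, never as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored description is concatenated into the page as HTML.
function renderPinUnsafe(pin) {
  return '<div class="pin-description">' + pin.description + '</div>';
}

// Hardened pattern: the description is encoded at output time.
function renderPinSafe(pin) {
  return '<div class="pin-description">' + escapeHtml(pin.description) + '</div>';
}

// Cleanup aid: payloads stored before a fix remain in the data store, so list
// the pins whose description contains an element that loads or runs content.
const ACTIVE_TAG = /<\s*(iframe|script|object|embed|frame)\b/i;
function findSuspectPins(pins) {
  return pins.filter((pin) => ACTIVE_TAG.test(pin.description)).map((pin) => pin.id);
}

// Constructed sample records (placeholder host, not data from the incident).
const samplePins = [
  { id: 1, description: 'Lemon tart recipe & notes' },
  { id: 2, description: 'Great deal <iframe src="https://frame.example.invalid/a"></iframe>' },
  { id: 3, description: 'I <3 typography' },
];

for (const pin of samplePins) {
  console.log(pin.id, renderPinSafe(pin));
}
console.log('suspect pin ids:', findSuspectPins(samplePins));
```

Encoding at output keeps harmless text such as "I <3 typography" readable while the iframe tag in pin 2 is displayed as literal characters instead of being loaded.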


Very unfortunate and unfortunately all too common. It was probably a cross site scripting (xss) attack. These attacks are very difficult to prevent and many big websites including and have been hit by xss exploits and man-in-the-middle attacks.


That “hot little company” Pinterest, is harming photographers and their businesses through Terms of Service that allow the company to use images, without payment to photographers…. Most users don’t even know it.


It didn’t replace pictures. It added pictures without your consent. It also liked posts and started following people without your consent. You can undo all that by deleting, but it seems fairly insecure.


Until this article, I had not heard of this Pinterest. Penalties for this type of abuse need to be much more severe.
