About Pinterest diet spam

If you are not familiar with the Twitter diet spam campaign, please read my earlier blog post first. The same campaign is also ongoing on Pinterest. Most likely other social media sites are targeted as well. Just recently a similar campaign was spotted on Instagram.

In this post I will explain how to search for “spam pins” on Pinterest by domain name. You can first locate compromised websites on Twitter by searching for e.g. “dr oz helped me lose” – see the screenshot below:

[Screenshot: Twitter search for “dr oz”]

Let's pick a domain from the first link: “ianharbaugh.com”. If you visit the site, you will notice it is powered by WordPress, like many compromised sites. I believe the hackers have scanned a large number of WordPress-powered sites for known vulnerabilities. With suitable tools it is relatively easy to install a backdoor – or, as in this case, a malicious redirect script – on the website. The websites may have nothing to do with the spam campaign and are most likely victims, like many of the users.

Back to Pinterest: there is an easy way to search for possible spam pins by domain name, e.g. http://pinterest.com/source/ianharbaugh.com/ – screenshot is below:
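The two steps above (collect links from the Twitter search results, then look each domain up on Pinterest's source page) are easy to automate. The following is an added example, not code from the original post: it takes a few constructed tweet texts, pulls out the linked hostnames (lower-cased, with a leading “www.” stripped so that http://www.example.test and https://example.test map to the same source page), and builds the pinterest.com/source/<domain>/ URL for each one. The sample tweets and the .test domains in them are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed sample tweets (not taken from the original post); the
# domains are placeholders under the reserved .test TLD.
SAMPLE_TWEETS = [
    "dr oz helped me lose 20 lbs!! http://www.example-blog.test/wp-content/go.php",
    "omg dr oz helped me lose weight, read here https://example-blog.test/?p=12",
    "dr oz helped me lose 3 dress sizes http://another-site.test/2013/03/diet",
    "no link in this one, just chatter",
]

# Matches http(s) URLs up to the next whitespace or quote character.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_domains(texts):
    """Return the set of hostnames linked from the given texts.

    Hostnames are lower-cased and a leading "www." is removed, so that
    variants of the same site collapse to one Pinterest source lookup.
    """
    domains = set()
    for text in texts:
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname
            if not host:
                continue
            host = host.lower()
            if host.startswith("www."):
                host = host[len("www."):]
            domains.add(host)
    return domains


def pinterest_source_urls(domains):
    """Build the Pinterest source-search URL for each domain, sorted for stable output."""
    return [f"http://pinterest.com/source/{domain}/" for domain in sorted(domains)]


if __name__ == "__main__":
    for url in pinterest_source_urls(extract_domains(SAMPLE_TWEETS)):
        print(url)
```

Each printed URL can then be opened in a browser to review the pins attributed to that domain; the script does no network access itself, so it is safe to run on any list of links you have collected.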

[Screenshot: Pinterest source search]

Naturally any pin could be real and non-malicious, originating from a normal website, which makes further checks more difficult, but in this case all the pins are spam. Screenshot of the first pin (posted about four weeks ago):

[Screenshot: spam pin example, edited]

If you click on the image or the website button, you will be redirected to a diet spam site – so don't.

Spreading

Spam pins spread easily via the “repin” and “like” functions – similar to retweet and favorite on Twitter. After searching for spam pins for about two hours, I think it is safe to say that this spam campaign has also been successful on Pinterest. I have also found many new hacked (WordPress-powered) websites.

As noted earlier, many normal Twitter accounts have been compromised for this campaign. It seems the same applies to Pinterest. Naturally, there are also some obvious spam bots involved.

Currently it is not clear how the accounts have been hacked.

Instructions to Pinterest users

If you believe your account has been compromised, change your passwords immediately – not just on Pinterest: change your e-mail, Facebook, Tumblr, Twitter, Instagram etc. passwords as well. Do not use the same password on all services. See also the Pinterest Help Center instructions.

Notifying the affected websites

I have sent email to three hacked websites. No responses so far; one email bounced and nothing has been fixed. Some other approach is needed: emailing all admins would take too much time. Website admins might need some instructions, too. Perhaps it is easier to remove all files and re-install WordPress than to delete the malicious files and upgrade all the software? I hope some area experts will provide advice on this.

Updates

6:15 PM, GMT+2, new spam pins spotted: http://pinterest.com/source/barefootstudio.co.uk/


One thought on “About Pinterest diet spam”

  1. mthomasdavid says:

    Hello,

    This same issue with the same pins (before and after weight loss) happened to my wife. I’ve found some vague references to the issue elsewhere, but your site has the only screenshot to confirm that this is the same problem – so thanks for doing that.

    It seems like there should be a list of hacks and issues published by Pinterest that users can reference. Do you know of one?

    Thanks,
