Over the last few days, some users have reported that spam links have appeared amongst their saved links. We wanted to post a quick update with more information regarding this issue, and what we’re doing to get to the bottom of things. Here’s what you need to know:
- We believe the spam is posting to accounts through an HTTP API endpoint, as well as through d.me, and seems to have impacted several thousand users by posting
unsolicited links into their Delicious account.
- We have disabled some legacy API functionality, and are digging deeper into the root causes in order to enable some longer term solutions. Future versions of the Delicious API will be based on OAuth 2.0 and not legacy authentication methods – we will notify developers as newer API endpoints are available.
- We have temporarily disabled posting to Delicious accounts via email with d.me to close a spam opening.
- Users who are seeing random spam amongst their saved links should delete those links. If the problem re-occurs or if there are more than a few please send a few sample URLs along with your username to firstname.lastname@example.org so we can investigate further.
Apologies to those users who have been impacted; we will post again when we have more details to share.