Buzz
The Recommended Blogs feature displays a list of blogs that users are logged into, as you can see in the screenshot below:
Tumblr addresses security vulnerability leading to user privacy breach
According to Tumblr, a security researcher uncovered and reported this security flaw to the company through the Tumblr bug bounty program. Upon receiving the security report, the company promptly addressed and fixed the issue within a 12-hour period.
By using the Debugging Tool, logged-in users could access personal account information for each listed blog, including IP addresses, email addresses, and hashed passwords. Tumblr stated there is no evidence to suggest this flaw has been exploited in the past, and it is rarely encountered.
'We cannot determine which specific accounts may be affected by this security flaw, but our analysis suggests that such incidents are infrequent.' 'The flaw exposed leaked email addresses, protected (hashed) passwords of Tumblr accounts, reported locations (a feature no longer in use), previously used emails, last login IP addresses, and the names of blogs linked to the accounts.'
You can download Tumblr on your mobile device below.
- Get the latest Tumblr app for Android
- Grab the newest Tumblr app for iPhone
From now on, feel secure backing up and storing your iDevice data anywhere with Apple's New Data Port and Security, allowing you to download iTunes data, Apple ID accounts, iCloud data,... with just a few simple and swift steps.
