Tumblr users on iOS devices urged to update app and change password over gaping security hole
He also noted that the update addresses a problem which might have allowed passwords to be compromised in certain circumstances, while providing minimal detail by way of a footnote that read: “’Sniffed’ in transit on certain versions of the app.”
Gottfrid then admonishes users to not use common passwords across different services and suggests using apps like 1Password and LastPass to help manage different passwords for different services without having to memorize everything.
One might think there was some kind of hack or something that prompted the update, but sadly it was not anything so exotic. No, it turns out that the iOS apps for Tumblr were not encrypting or securely transmitting username and password data, meaning anytime you logged in with the iOS app on a public connection (like at an airport or Starbucks), your credentials could be captured with a simple sniffer program.
That the gaping security hole should not have been there in the first place is another discussion. At least Tumblr set things right; however, that does not help those whose passwords and user data may have already been sniffed out to this point.
So, get on with things, update your credentials and remember, do not use any of these as new passwords.
source: Tumblr via BetaBeat
1. mas11 (Posts: 1033; Member since: 30 Mar 2012)
Funny, the Tumblr app on Android doesn't have these issues. :)
2. AliNSiddiqui (Posts: 382; Member since: 19 Sep 2012)
And funny how Android is the only OS trash talked for being insecure.. lol
3. jroc74 (Posts: 5201; Member since: 30 Dec 2010)
lol....laughing at the first 2 comments because ....well it's true. So far about the Android version anyway. Why did this happen for the iOS version and not the Android one?
Goes to show...sometimes it isn't the OS...but the developer, app.... Seems like that walled garden can't protect you 100%, 24/7.
4. icyrock1 (Posts: 306; Member since: 25 Mar 2013)
It also no longer lets you view porn from the app.