Tumblr users on iOS devices urged to update app and change password over gaping security hole

To err is human, and in this case with the Tumblr app for iOS, it was a pretty big err. Derek Gottfrid, Tumblr Product Vice President, posted on the site’s blog last night urging users of the official iPhone and iPad app to update right away and to update their passwords.

He also noted that the update addresses a problem which might have allowed passwords to be compromised in certain circumstances, while providing minimal detail by way of a footnote that read: “‘Sniffed’ in transit on certain versions of the app.”

Gottfrid then admonishes users to not use common passwords across different services and suggests using apps like 1Password and LastPass to help manage different passwords for different services without having to memorize everything.

One might think there was some kind of hack or something that prompted the update, but sadly it was not anything so exotic. No, it turns out that the iOS apps for Tumblr were not encrypting or securely transmitting username and password data, meaning anytime you logged in with the iOS app on a public connection (like at an airport or Starbucks), your credentials could be captured with a simple sniffer program.
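A check a developer could run over traffic captured from their own app during testing, to catch the kind of cleartext login described above. This is an added example, not Tumblr's code; the request-record layout, the field-name list and the example.test hosts are assumptions.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# Assumed credential field names; extend for the app under test.
SENSITIVE = {"password", "passwd", "pwd", "token", "secret"}

def credential_fields(req):
    """Names (never values) of credential-bearing fields in one request."""
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    names = [n for n, _ in parse_qsl(urlsplit(req["url"]).query)]
    if ctype == "application/x-www-form-urlencoded":
        names += [n for n, _ in parse_qsl(req.get("body", ""))]
    elif ctype == "application/json":
        try:
            doc = json.loads(req.get("body", ""))
        except ValueError:
            doc = None
        if isinstance(doc, dict):
            names += list(doc)
    found = {n for n in names if n.lower() in SENSITIVE}
    if headers.get("authorization", "").lower().startswith("basic "):
        found.add("Authorization: Basic")
    return sorted(found)

def audit(requests):
    """Return (URL without query, field names) for each cleartext send."""
    findings = []
    for req in requests:
        url = urlsplit(req["url"])
        fields = credential_fields(req)
        if fields and url.scheme.lower() != "https":
            findings.append((f"{url.scheme}://{url.netloc}{url.path}", fields))
    return findings

# Constructed sample capture (hypothetical hosts and values).
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
LOGIN = "email=a%40example.test&password=constructed"
SAMPLE = [
    {"url": "http://api.example.test/login", "headers": FORM, "body": LOGIN},
    {"url": "https://api.example.test/login", "headers": FORM, "body": LOGIN},
    {"url": "http://api.example.test/posts?page=2", "headers": {}, "body": ""},
    {"url": "http://api.example.test/session",
     "headers": {"content-type": "application/json; charset=utf-8"},
     "body": '{"user": "a", "Password": "constructed"}'},
]
if __name__ == "__main__":
    for url, fields in audit(SAMPLE):
        print("cleartext credentials:", url, fields)
```

Only field names are reported, so the audit output can be attached to a bug report without leaking the test credentials themselves.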

That the gaping security hole should not have been there in the first place is another discussion. At least Tumblr set things right; however, that does not help those whose passwords and user data may have already been sniffed out to this point.

So, get on with things, update your credentials and remember, do not use any of these as new passwords.

source: Tumblr via BetaBeat

5 Comments

1. mas11

Posts: 1034; Member since: Mar 30, 2012

Funny, the Tumblr app on Android doesn't have these issues. :)

2. AliNSiddiqui

Posts: 382; Member since: Sep 19, 2012

And funny how Android is the only OS trash talked for being insecure.. lol

3. jroc74

Posts: 6023; Member since: Dec 30, 2010

lol....laughing at the first 2 comments because ....well it's true. So far about the Android version anyway. Why did this happen for the iOS version and not the Android one? Goes to show...sometimes it isn't the OS...but the developer, app.... Seems like that walled garden can't protect you 100%, 24/7.

4. icyrock1

Posts: 307; Member since: Mar 25, 2013

It also no longer lets you view porn from the app.

5. androidfanboy

Posts: 162; Member since: Jun 24, 2013

Haha ios sucks
