Tumblr users on iOS devices urged to update app and change password over gaping security hole

He also noted that the update addresses a problem which might have allowed passwords to be compromised in certain circumstances while providing minimal detail by way of a footnote that read: “’Sniffed’ in transit on certain versions of the app.”
One might think there was some kind of hack or something that prompted the update, but sadly it was not anything so exotic. No, it turns out that the iOS apps for Tumblr were not encrypting or securely transmitting username and password data, meaning anytime you lagged in with iOS app on a public connection (like at an airport or Starbucks) it could be captured with a simple sniffer program.
So, get on with things, update your credentials and remember, do not use any of these as new passwords.
source: Tumblr via BetaBeat