x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • Tumblr users on iOS devices urged to update app and change password over gaping security hole

Tumblr users on iOS devices urged to update app and change password over gaping security hole

Posted: , by Maxwell R.

Tags :

Tumblr users on iOS devices urged to update app and change password over gaping security hole
To err is human, and in this case with the Tumblr app for iOS, it was a pretty big err. Derek Gottfrid, Tumblr Product Vice President posted on the site’s blog last night urging users of the official iPhone and iPad app to update right away and to update their passwords.

He also noted that the update addresses a problem which might have allowed passwords to be compromised in certain circumstances while providing minimal detail by way of a footnote that read: “’Sniffed’ in transit on certain versions of the app.”

Gottfrid then admonishes users to not use common passwords across different services and suggests using apps like 1Password and LastPass to help manage different passwords for different services without having to memorize everything.

One might think there was some kind of hack or something that prompted the update, but sadly it was not anything so exotic. No, it turns out that the iOS apps for Tumblr were not encrypting or securely transmitting username and password data, meaning anytime you lagged in with iOS app on a public connection (like at an airport or Starbucks) it could be captured with a simple sniffer program.

That the gaping security hole should not have been there in the first place is another discussion, at least Tumblr set things right, however it does not help those whose passwords and user data may have already been sniffed out to this point.

So, get on with things, update your credentials and remember, do not use any of these as new passwords.

source: Tumblr via BetaBeat

  • Options

posted on 17 Jul 2013, 16:37 4

1. mas11 (Posts: 1034; Member since: 30 Mar 2012)

Funny, the Tumblr app on Android doesn't have these issues. :)

posted on 17 Jul 2013, 17:08 2

2. AliNSiddiqui (Posts: 382; Member since: 19 Sep 2012)

And funny how Android is the only OS trash talked for being insecure.. lol

posted on 17 Jul 2013, 19:42 1

3. jroc74 (Posts: 6019; Member since: 30 Dec 2010)

lol....laughing at the first 2 comments because ....well its true. So far about the Android version anyway. Why did this happen for the iOS version and not the Android one?

Goes to show...sometimes it isnt the OS...but the developer, app.... Seems like that walled garden cant protect you 100%, 24/7.

posted on 17 Jul 2013, 19:54

4. icyrock1 (Posts: 307; Member since: 25 Mar 2013)

It also no longer lets you view porn from the app.

posted on 19 Jul 2013, 15:47

5. androidfanboy (Posts: 162; Member since: 24 Jun 2013)

Haha ios sucks

Want to comment? Please login or register.

Latest stories