Technology News

latest updates from easySERVICE™

Tumblr iOS users are compromised due to security flaw in its app


On Monday, the blogging platform Tumblr fixed a security flaw in its app for iPhones and iPads — a vulnerability that put users’ accounts at risk by transmitting user names and passwords in plain text.

However, the IT staffer who found the flaw says Tumblr initially ignored his information and only fixed the vulnerability after a tech blog contacted Tumblr for comment two weeks later.

The company’s negligence suggests that millions of Tumblr iOS users were exposed to attacks and account hijacks for two weeks after Tumblr was alerted to the bug. (The Tumblr app for Android is not affected.)

“Yesterday, Tumblr was notified of a security vulnerability introduced in our iOS app,” a Tumblr spokeswoman told TechNewsDaily via email. “We immediately released an update that repairs the issue and are notifying affected users. We obviously take these incidents very seriously and deeply regret this error.”

When logging into Tumblr from a Mac, PC or Android device, the user’s login credentials are sent using an encrypted connection and, therefore, cannot be “sniffed” by an identity thief or hacker using commonly available software.

However, until last night, a user of the Tumblr iOS app would have his or her username and password sent in plain text, readable to anyone else on the same network.
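A pre-release check for this class of flaw, as an added example that is not from the article or from Tumblr: it walks requests captured from a test run of an app and reports any that carry credential fields over `http://` rather than `https://`. The record layout, the credential field names and the `example.test` hosts are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qsl, urlsplit

# Assumed credential field names; extend for the app under test.
CREDENTIAL_KEYS = {"password", "passwd", "pass", "pwd"}
FORM = {"Content-Type": "application/x-www-form-urlencoded"}

def _credential_fields(pairs):
    return sorted({k for k, _ in pairs if k.lower() in CREDENTIAL_KEYS})

def _body_pairs(headers, body):
    ctype = headers.get("content-type", "").lower()
    if "x-www-form-urlencoded" in ctype:
        return parse_qsl(body)
    if "json" in ctype:
        try:
            data = json.loads(body)
        except ValueError:
            return []
        return list(data.items()) if isinstance(data, dict) else []
    return []

def find_cleartext_credentials(records):
    """Return (url, location, field) for credentials sent without TLS."""
    findings = []
    for rec in records:
        url = urlsplit(rec["url"])
        if url.scheme.lower() != "http":
            continue  # https requests are encrypted in transit
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        target = f"{url.scheme}://{url.netloc}{url.path}"  # query dropped: no secrets in reports
        findings += [(target, "query", f) for f in _credential_fields(parse_qsl(url.query))]
        findings += [(target, "body", f)
                     for f in _credential_fields(_body_pairs(headers, rec.get("body", "")))]
        if headers.get("authorization", "").lower().startswith("basic "):
            findings.append((target, "header", "authorization"))
    return findings

# Constructed sample capture; hosts and values are placeholders.
SAMPLE = [
    {"url": "http://api.example.test/login", "headers": FORM,
     "body": "email=user%40example.test&password=CONSTRUCTED"},
    {"url": "https://api.example.test/login", "headers": FORM,
     "body": "email=user%40example.test&password=CONSTRUCTED"},
    {"url": "http://api.example.test/session", "headers": {"Content-Type": "application/json"},
     "body": '{"email": "user@example.test", "Password": "CONSTRUCTED"}'},
]

if __name__ == "__main__":
    print(find_cleartext_credentials(SAMPLE))
```

Findings name only the endpoint and the field, never the value, so the report itself does not become a second copy of the password.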

After Tumblr failed to patch the app, the IT worker contacted The Register, which yesterday contacted Tumblr and its parent company, Yahoo, for comment.

By Monday’s end, Tumblr posted an official message that it had “just released a very important security update for [its] iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances.”

Tumblr also urged users of those apps to update passwords on Tumblr and on any other site where they used the same passwords. The posting did not acknowledge The Register or its tipper for bringing the security concern to Tumblr’s attention.

Source: Associated Press


This entry was posted on July 19, 2013 in Apple, Applications, Social Network, Yahoo.