Privacy News Tumblr patches bug that could have exposed user data

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The microblogging platform is assuring its users that has found no evidence that any data was actually stolen

Tumblr has fixed a vulnerability that it says could have exposed private user data, according to an announcement by the microblogging and social networking site.
The information that could have been viewed by unauthorized parties includes email addresses, hashed and salted passwords, locations, previously used email addresses, and last login IPs. The flaw resided in the “Recommended Blogs” feature in the desktop version of Tumblr. The widget shows logged-in users a list of blogs they may be interested in.

“If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog,” said Tumblr.
Discovered and reported through the platform’s bug bounty program several weeks ago, the security vulnerability was resolved within 12 hours.

The New York-based company also said that it couldn’t determine which specific accounts were at risk, although its analysis is said to have shown that “the bug was rarely present”.
The site, which has over 440 million blogs, gave assurances to its users that it has found no evidence to suggest that any data was actually lifted.
At the same time, the platform said that users needn’t take any action. In these cases, this usually means changing their passwords.

... ... ...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top