The microblogging platform is assuring its users that it has found no evidence that any data was actually stolen
Tumblr has fixed a vulnerability that it says could have exposed private user data, according to an announcement by the microblogging and social networking site.
The information that could have been viewed by unauthorized parties includes email addresses, hashed and salted passwords, locations, previously used email addresses, and last login IPs. The flaw resided in the “Recommended Blogs” feature in the desktop version of Tumblr. The widget shows logged-in users a list of blogs they may be interested in.
“If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog,” said Tumblr.
Discovered and reported through the platform’s bug bounty program several weeks ago, the security vulnerability was resolved within 12 hours.
The New York-based company also said that it couldn’t determine which specific accounts were at risk, although its analysis is said to have shown that “the bug was rarely present”.
The site, which has over 440 million blogs, gave assurances to its users that it has found no evidence to suggest that any data was actually lifted.
At the same time, the platform said that users needn’t take any action. In cases like this, such action usually means changing their passwords.