After a discovery huge security flaw in the iPhone and iPad applications, Tumblr is now asking its users to update their passwords.
An unnamed reader from the publication of Registration discovered that Tumblr was not using secured connections when logging in their users into social networks when using their Apple mobile devices.
This is a big security risk. Hackers and even ordinary users with the appropriate software using the same Wi-Fi network can intercept the information they use when logging in.
The unnamed reader from Register was able to detect the issue while testing Tumblr’s application for his company’s smart phones.
He mentioned with Register that the Tumblr iOS app was sending the password in plain text and not in Secure Sockets Layer (SSL) format. This was not showing as a password reminder either, it was plainly opening the application and logging in using the iOS app.
To treat the issue, Tumblr cascaded the communication and an app update last Tuesday to advise everyone who have logged in using the iOS app to update their passwords just to be on the safe side. The company also released a statement in a blog post, saying that they take the security of their user’s accounts very seriously, and are incredibly sorry for the inconvenience this may have caused.
Ever since, using secure connections when logging in was a standard practice for social networks. Making the discovery of the application’s weakness to some extent, a humiliation for Tumblr, who has been receiving incredible growth in the past few years, and was just recently acquired by Yahoo Inc. for a whopping $1.1 billion.
The unnamed user who discovered the lapse said that he notified Tumblr right away about the problem around two weeks ago, and he only went to the Register when the support team for Tumblr was not able to resolve his concern.
Tumblr was out of reach for comments.
© 2025 HNGN, All rights reserved. Do not reproduce without permission.
