Tumblr patches data-exposing privacy bug

Victor Barreiro Jr.

This is AI generated summarization, which may have errors. For context, always refer to the full article.

Tumblr patches data-exposing privacy bug
Tumblr says the it found 'no evidence that this bug was abused, and there is nothing to suggest that unprotected account information was accessed'

MANILA, Philippines – Tumblr disclosed on Wednesday, October 17 (October 18, Manila time) it had patched a bug on its site that could have exposed the information of some of its users, though they said there was no evidence pointing to the bug being exploited.

According to Tumblr’s disclosure, the bug was found on the Recommended Blogs module on the desktop version of the site. If a blog appeared on the module, debugging software used a specific way could allow someone to view account information associated with the blog.

Tumblr said the bug was “rarely present” but could have allowed someone to view the following information had it been exploited:

  • email address
  • protected (hashed and salted) password of the Tumblr account
  • self-reported location (no longer an available feature)
  • previously used email addresses
  • last login IP address
  • the name of the blog associated with the account.

“Hashing” and “salting” a password refer to additional cryptographic processes that make it harder to crack a password. 

Tumblr added it “thoroughly investigated any way in which our community could have been affected.”

It found “no evidence that this bug was abused, and there is nothing to suggest that unprotected account information was accessed.”

The vulnerability was discovered by a researcher working on Tumblr’s bug bounty program, and the bug was resolved some 12 hours after initial reporting by the researcher.  – Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI

How does this make you feel?

Loading
Download the Rappler App!
Person, Human, Sleeve

author

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.