Tumblr Fixes Flaw that Made Accounts Vulnerable

Tumblr Fixes Flaw that Made Accounts Vulnerable

The information made vulnerable by the flaw would have let hackers obtain information they could use for phishing scams, harassment and other campaigns.

The blogging site Tumblr has disclosed a security flaw that could have exposed sensitive account information. The flaw has been fixed, and Tumblr said there was no evidence that the vulnerability had been exploited by bad users.

A security researcher discovered a security vulnerability in the part of the site that shows recommends blogs to logged-in users. If a blog showed up in the “recommended blogs” module, a debugging tool could be used to obtain their current and past email addresses, their scrambled password, their self-reported location and the IP address from their most recent sign-in.

The security researcher reported the bug to Tumblr, who fixed it within a day and awarded the reporter an unknown amount from the site’s bug bounty program.

The information made vulnerable by the flaw would have let hackers obtain information they could use for phishing scams, harassment and other campaigns.

In a blog post, Tumblr said that there is “no evidence” that anyone exploited the security vulnerability, and “nothing to suggest” that anyone accessed unprotected account information. The site wanted to “be transparent” about the incident regardless.  

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities