Tumblr Fixes Flaw that Made Accounts Vulnerable

Tumblr Fixes Flaw that Made Accounts Vulnerable

The information made vulnerable by the flaw would have let hackers obtain information they could use for phishing scams, harassment and other campaigns.

The blogging site Tumblr has disclosed a security flaw that could have exposed sensitive account information. The flaw has been fixed, and Tumblr said there was no evidence that the vulnerability had been exploited by bad users.

A security researcher discovered a security vulnerability in the part of the site that shows recommends blogs to logged-in users. If a blog showed up in the “recommended blogs” module, a debugging tool could be used to obtain their current and past email addresses, their scrambled password, their self-reported location and the IP address from their most recent sign-in.

The security researcher reported the bug to Tumblr, who fixed it within a day and awarded the reporter an unknown amount from the site’s bug bounty program.

The information made vulnerable by the flaw would have let hackers obtain information they could use for phishing scams, harassment and other campaigns.

In a blog post, Tumblr said that there is “no evidence” that anyone exploited the security vulnerability, and “nothing to suggest” that anyone accessed unprotected account information. The site wanted to “be transparent” about the incident regardless.  

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls has introduced new ‘SER” surface boxes and extension rings that provide a complete solution for new construction. In addition, they provide a simple and robust solution when replacing round wired and manual push plate switches with either Camden’s wired or wireless SureWave™ no-touch switches or Kinetic™ no-battery wireless switches. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • LiftMaster Garage Door Opener

    LiftMaster Garage Door Opener

    LiftMaster Transforms the Garage Door Opener Into a Sleek Smart Home Device That Does More Than Open and Close the Garage Door 3