Tumblr Patches A Flaw That Could Have Exposed Users Account Info
– Swati Khandelwal
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users’ accounts.
The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses, last login IP addresses, and names of the blog associated with every account.
Tumblr assured that its internal investigation found no evidence of the bug being abused by an attacker.
Reference: https://thehackernews.com/2018/10/tumblr-account-hacking.html
Connor Fairman says
Hey thanks for sharing this. This reminds me of when Google revealed a Google+ vulnerability even though it had not been exploited yet by attackers. I think it’s great that companies take the initiative to identify these risks, take steps to fix them, and also make them public, even if no one has been affected by them yet. This seems to be what separates responsible companies from irresponsible companies. I think that in today’s social and political climate, it’s pretty crucial for companies to maintain this level of vigilance.