Tumblr Fixes Security Hole With iOS App Update
July 17, 2013

Tumblr Fixes Security Hole With iOS App Update

Peter Suciu for redOrbit.com - Your Universe Online

Tumblr announced on Tuesday it had rolled out a "very important" security fix for its iOS app for the iPhone and iPad after a flaw was identified within the Yahoo!-owned blogging service. The security flaw reportedly addresses an issue that allowed passwords to be compromised in select circumstances.

Users of the apps have been advised to also update their respective Tumblr passwords as a precaution, given that there is a possibility that those passwords were "sniffed" in certain versions of the app.

"We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances," Tumblr's derekg posted on an official feed. "Please download the update now. If you've been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It's also good practice to use different passwords across different services by using an app like 1Password or LastPass.

"Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience," derekg added.

The problem does seem to be limited to the iOS version, and while the service also has apps for Android and Windows Phone, it was reported that only the ones for iOS were affected at this point.

Yahoo! had acquired Tumblr in June of this year for a reported $1.1 billion, and this was seen as part of its efforts to attract a younger audience. The Tumblr network of blogs sees more than 300 million unique visitors and the site has reported there are 120,000 new signups every day with 900 posts published every second.

The microblogging and social networking service was founded in 2007. More than half of Tumblr's users post via mobile apps, and do so at a reported rate of seven sessions per day. During its acquisition, it was reported Yahoo! expected to grow the audience by as much as 50 percent while increasing traffic by 20 percent.

The purchase of Tumblr, which was a reported all-cash deal, was apparently approved as Yahoo! CEO Marissa Mayer woke up early Monday morning to Tweet: "I'm delighted to announce that we've reached an agreement to acquire Tumblr! We promise not to screw it up."

While it appears Mayer hasn't tweeted about the security fix, Tumblr spokesperson Katherine Barna did offer an official comment.

"We immediately released an update that repairs the issue and are notifying affected users. We obviously take these incidents very seriously and deeply regret this error," Barna told Mashable. She did not provide additional details on the security issue however.

This is far from Tumblr's only problem. On Tuesday, Bloomberg reportedly asked Rob Norman, chief digital officer of WPP's media-buying giant GroupM about Tumblr.

"The acquisition strategy is either not especially clever or too clever for me," Norman told Bloomberg in an email. "I am negative on Tumblr, as I don't believe it's truly social."