Tumblr has experienced a major mobile security flaw and is now asking that all Apple iPhone and Apple iPad users change their password and download an update for company’s popular social blogging platform.
The company has posted the following message regarding the security breach:
Important security update for iPhone/iPad users
“We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now.
If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It’s also good practice to use different passwords across different services by using an app like 1Password or LastPass.
Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.
¹ “Sniffed” in transit on certain versions of the app.”
The flaw was discovered by a reader of The Register. The reader was asked by their corporate employer to screen apps. The reader found that password logins were being transmitted over WiFi in plain-text with no kind of encryption.
The source says they reported the problem to Tumblr but ultimately after no response was received they went to the media with news of the Tumblr security flaw.
Do you think Tumblr should have acted faster to solve this major security issue?