Tumblr fixes security hole, asks users to change passwords

Tumblr is encouraging its users to change their passwords after a major vulnerability was discovered in its iPhone and iPad apps.

An anonymous reader of the publication the Register found that Tumblr did not use a secure connection when its users logged into the social network from their mobile Apple devices.

That means that other users with the right software on the same Wi-Fi network could intercept the log-in information.

PHOTOS: Six things rich tech execs splurge on

The Register reader found the problem while vetting Tumblr’s apps for use on his company’s smartphones.

“The Tumblr iOS app is sending the password over plain text and not over SSL,” he told the Register. “We are not talking about password reminders but about just opening the app and logging in through the iOS app.”

To fix the problem, Tumblr sent out an app update Tuesday and said that anyone who had logged in through the iOS apps should change their passwords to be safe.

“Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience,” the company said in a blog post.

The use of secure connections is standard practice for social networks. That makes the discovery of the vulnerability somewhat of an embarrassment for Tumblr, which has seen tremendous growth in the last few years and was recently purchased by Yahoo Inc. for $1.1 billion.

The Register says the anonymous reader said he notified Tumblr about the vulnerability two weeks ago. He only went to the Register after Tumblr’s support staff failed to solve the problem.

Tumblr could not be reached for comment.

ALSO:

Hollywood embracing Instagram video

T-Mobile blasts AT&T for copying phone upgrade plan

Google Maps finally back on iPad; app’s iPhone version updated