July 26, 2013

Tumblr Security Breach!


The popular microblogging website, Tumblr, announced a breach in its security for iOS customers last week. The company asked all users of its iPhone and iPad app to change their passwords and perform a software update, saying:


“We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now.

If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It’s also good practice to use different passwords across different services by using an app like 1Password or LastPass.

Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.”

Although Tumblr did not get into specifics, it appears the breach was the result of the app not using SSL when logging users in, which left passwords unencrypted on the network. This means anyone accessing Tumblr via public WiFi on an iPhone or iPad potentially faced password sniffing during transit.


If you use Tumblr on your iOS device and have not yet updated both the app and your password, we encourage you to do so now. And since security breaches do sometimes happen, we recommend keeping the following tips in mind when accessing applications on your digital devices in the future:

  • Use strong passwords: We cannot stress enough how important it is to use long, complex passwords when logging into websites and apps. The more difficult the password is, the harder it will be for your accounts to be attacked and your information to be compromised.
  • Variety is key: While on the subject of passwords, be sure you aren’t using the same one for each account you manage. With this Tumblr breach, a major concern was the possibility that some users had reused their Tumblr passwords on their other social accounts. If their information had in fact been compromised, their other accounts were then at risk of attack as well.
  • Connect securely: You may want to consider using a VPN, or virtual private network, when connecting to public networks. Those users who had signed into their Tumblr accounts over public WiFi were at the greatest risk of attack in this case. Using a VPN will keep your data encrypted, more secure and out of reach of the wrong people.
  • Embrace your security features: If you’re an Apple user, then you should be using the security features built into Apple’s products. Offerings like the soon-to-debut iCloud Keychain password storage system are there to help keep you safe.
  • Stay Up To Date: Applications are constantly being updated to fix bugs and address user issues. You should be updating your apps each time you’re notified to do so to ensure you’re using the best version offered.
  • Protect all of your assets: Of course, Tumblr is not just available to iPhone and iPad users; it can be accessed from any device with an Internet connection. So whether you’re blogging on your smartphone or your PC, make sure you’re using trusted antivirus software on all of your devices.