{"id":2374,"date":"2013-07-26T12:30:17","date_gmt":"2013-07-26T16:30:17","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=2374"},"modified":"2020-02-26T10:41:40","modified_gmt":"2020-02-26T15:41:40","slug":"tumblr-security-breach","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/tumblr-security-breach\/2374\/","title":{"rendered":"Tumblr Security Breach!"},"content":{"rendered":"<p>The popular microblogging website, Tumblr, announced a breach in its security for iOS customers last week. The company asked all users of its iPhone and iPad app to change their passwords and perform a software update, saying:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/07\/06050157\/tumblr_title.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-2375\" alt=\"tumblr_title\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/07\/06050157\/tumblr_title.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p style=\"padding-left: 30px;\"><em>\u201cWe have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances\u00b9. Please\u00a0<a href=\"https:\/\/itunes.apple.com\/us\/app\/tumblr\/id305343404?mt=8\" target=\"_blank\" rel=\"noopener nofollow\"><b>download the update<\/b><\/a>\u00a0now.<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>If you\u2019ve been using these apps, you should also\u00a0<strong>update your password<\/strong>\u00a0on Tumblr and anywhere else you may have been using the same password. It\u2019s also good practice to use different passwords across different services by using an app like\u00a0<a href=\"https:\/\/itunes.apple.com\/us\/app\/1password-password-manager\/id568903335?mt=8\" target=\"_blank\" rel=\"noopener nofollow\"><b>1Password<\/b><\/a>\u00a0or\u00a0<a href=\"https:\/\/lastpass.com\/\" target=\"_blank\" rel=\"noopener nofollow\"><b>LastPass<\/b><\/a>.<\/em><\/p>\n<p style=\"padding-left: 30px;\"><em>Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.\u201d<\/em><\/p>\n<p>Although Tumblr did not get into specifics, it appears the breach was the result of the company neglecting to use an SSL server while logging users into the app. This means anyone accessing Tumblr via public WiFi on an iPhone or iPad potentially faced <a href=\"https:\/\/threatpost.com\/tumblr-fixes-password-sniffing-bug-on-ipad-iphone\/101389\" target=\"_blank\" rel=\"noopener nofollow\">password sniffing<\/a> during transit.<\/p>\n<div class=\"pullquote\">This means anyone accessing Tumblr via public WiFi on an iPhone or iPad potentially faced password sniffing during transit.<\/div>\n<p>If you use Tumblr on your iOS device and have not yet updated both the app and your password, we encourage you to do so now. And since security breaches do sometimes happen, we recommend keeping the following tips in mind when accessing applications on your digital devices in the future:<\/p>\n<ul>\n<li><b>Use strong passwords:<\/b> We <a href=\"https:\/\/www.kaspersky.com\/blog\/21st-century-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">cannot stress enough<\/a> how important it is to use long, complex passwords when logging into websites and apps. The more difficult the password is, the harder it will be for your accounts to be attacked and your information to be compromised.<\/li>\n<li><b>Variety is key<\/b>: While on the subject of passwords, be sure you aren\u2019t using the same one for each account you manage. When it came to this Tumblr breach, a major concern was the possibility that some users may have shared their Tumblr passwords with their other social accounts. If their information had in fact been compromised, their other accounts were then at risk for an attack as well.<\/li>\n<li><b>Connect securely:<\/b> \u00a0You may want to consider <a href=\"https:\/\/www.kaspersky.com\/blog\/vpns-use\/\" target=\"_blank\" rel=\"noopener nofollow\">using a VPN<\/a>, or virtual private network, when connecting to public networks. Those users who had signed into their Tumblr accounts over public WiFi were at the greatest risk for attack in this case. Using a VPN will keep your data encrypted, more secure and out of reach of the wrong people.<\/li>\n<li><b>Embrace your security features<\/b>: If you\u2019re an Apple user, then you should be utilizing the security features for their products. Offerings, like the soon to debut iCloud Keychain password storage system, are there to help keep you safe.<\/li>\n<li><b>Stay Up To Date: <\/b>Applications are constantly being updated to fix bugs and address user issues. You should be updating your apps each time you\u2019re notified to do so to ensure you\u2019re using the best version offered.<\/li>\n<li><b>Protect all of your assets:<\/b> Of course Tumblr is not just available to iPhone and iPad users, it can be accessed from any device with Internet connection. So whether you\u2019re blogging on your smartphone or your PC, make sure you\u2019re using a trusted <a href=\"https:\/\/www.kaspersky.com\/one\" target=\"_blank\" rel=\"noopener nofollow\">antivirus software<\/a> for all of your devices.<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The popular microblogging website, Tumblr, announced a breach in its security for iOS customers last week. The company asked all users of its iPhone and iPad app to change their<\/p>\n","protected":false},"author":189,"featured_media":2376,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[189,433,434],"class_list":{"0":"post-2374","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-data-security","9":"tag-security-breach","10":"tag-tumblr"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/tumblr-security-breach\/2374\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/tumblr-security-breach\/2255\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/tumblr-security-breach\/2303\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/tumblr-security-breach\/2214\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/tumblr-security-breach\/1300\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/tumblr-security-breach\/2374\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/tumblr-security-breach\/2374\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/data-security\/","name":"data security"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/189"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2374"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2374\/revisions"}],"predecessor-version":[{"id":32848,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2374\/revisions\/32848"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2376"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}