- Cardi B. jumps on 10-year challenge with high school performance of Lady Gaga song 3 Months Ago
- Parents, teachers cry foul over Verizon fee hike for popular education app Today 11:57 AM
- Conservative men are kicking and screaming about Gillette’s new toxic masculinity ad Today 11:23 AM
- Mysterio is hot now in the ‘Spider-Man: Far From Home’ trailer Today 10:53 AM
- Netflix hikes prices on all subscription plans Today 10:48 AM
- Ajit Pai is refusing to testify about cell phone tracking data Today 10:18 AM
- Murder is back on the menu with Netflix’s Ted Bundy documentary Today 9:53 AM
- Twitch star Alinity Divine accidentally displays d*ck pic on her stream Today 9:18 AM
- NBC to launch curious new streaming service Today 9:06 AM
- Trump proudly serves ‘1,000 hamberders’ to Clemson football team Today 8:30 AM
- Sling TV is giving Roku users over 100 hours of free programming Today 7:13 AM
- ‘The Last Laugh’ aims for the funny bone and heart, but misses both Today 7:00 AM
- Hulu’s Fyre Fest documentary throws serious shade at Netflix’s Today 6:52 AM
- How to watch ‘The Flash’ online for free Today 6:30 AM
- Ruth Bader Ginsburg is not dead—no matter what conspiracy theorists say Today 6:30 AM
A major Tumblr security bug potentially exposed its users’ private data, but the blogging service says it has patched the problem.
The vulnerability, discovered by a security researcher participating in the company’s bug bounty program, involved Tumblr’s “Recommended Blogs” feature utilized by the service’s desktop app.
A blog post from the company explaining the issues states: “If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog.”
“This included email address, protected (hashed and salted) password of the Tumblr account, self-reported location (a no longer available feature), previously used email addresses, last login IP address, and the name of the blog associated with the account,” the company revealed.
Tumblr emphasized that an internal investigation yielded “no evidence of this security bug being abused” and said the issue was fixed within 12 hours of being reported.
“We’re not able to determine which specific accounts could have been affected by this bug, but our analysis has shown that the bug was rarely present,” Tumblr said.
The blog adds that users are not required to take any action as a result of the incident.
“It’s our mission to provide a safe space for people to express themselves freely and form communities around things they love. We feel that this bug could have affected that experience,” Tumblr concluded. “We want to be transparent with you about it. In our view, it’s simply the right thing to do.”
Bug bounty programs are used by numerous technology companies in order to reward security researchers for discovering issues that could be exploited by malicious actors.
While the most recent bug does not appear to have resulted in the compromise of private data, a hacker was able to steal account details from 65 million Tumblr users in 2016.
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.