Tumblr patches data-exposing privacy bug

MANILA, Philippines – Tumblr disclosed on Wednesday, October 17 (October 18, Manila time) that it had patched a bug on its site that could have exposed the information of some of its users, though it said there was no evidence pointing to the bug being exploited.

According to Tumblr's disclosure, the bug was found in the Recommended Blogs module on the desktop version of the site. If a blog appeared in the module, debugging software used in a specific way could allow someone to view account information associated with the blog.

Tumblr said the bug was "rarely present" but could have allowed someone to view the following information had it been exploited:

"Hashing" and "salting" a password refer to additional cryptographic processes that make it harder to crack a password. 

Tumblr added it "thoroughly investigated any way in which our community could have been affected."

It found "no evidence that this bug was abused, and there is nothing to suggest that unprotected account information was accessed."

The vulnerability was discovered by a researcher working on Tumblr's bug bounty program, and the bug was resolved some 12 hours after initial reporting by the researcher.  – Rappler.com

Victor Barreiro Jr.
