Attention all users of Tumblr’s iOS app – the folks behind the social blogging site said Tuesday it’d discovered a vulnerability in the app that could allow passwords to be compromised.
It’s urging all users of the iPhone/iPad/iPod Touch app to download the update (available here) as soon as possible. It also strongly recommends users change their Tumblr password, and to change it on any other sites or services where the same password is used.
In a message (posted below) on its website, Tumblr described the security update as “very important” and told users to “please download this update now”.
No details were given as to the precise nature of the vulnerability, but it appears Android and Windows Phone users of the Tumblr app needn’t be concerned.
Tumblr’s widespread popularity – it has some 300 million monthly unique visitors and 120,000 sign-ups daily – led Yahoo to acquire the New York-based company in May for $1.1 billion.
Yahoo boss Marissa Mayer promised Tumblr fans at the time, “We are not going to screw this up,” and said that the blogging site would continue to operate independently.
Tumblr’s announcement regarding the iOS app’s security issue is shown in full below:
Important security update for iPhone/iPad users
We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances. Please download the update now.
If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It’s also good practice to use different passwords across different services by using an app like 1Password.
Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.