Another day, another web service with lax security. This time it’s Tumblr, which has urged users of its iOS apps to change their passwords after it emerged that those apps didn’t transmit passwords securely, making it using for the criminally-minded to ‘sniff’ them.
Changing your password is especially important if you use the same password elsewhere, although that in itself is a massive security no-no. If you only access Tumblr via your desktop browser, this particular issue won’t affect you.
Comments
One response to “Tumblr iOS Security Flaw: Change Your Password Now”
Maybe it’s because English is my second language, but I’m not sure what this means: “making it using for the criminally-minded”.
It’s not your English, it’s whomever wrote it…. I think it should translate to something along the lines of…. the criminally minded are making use of the fact that the passwords are not being transmitted securely.. and can “sniff” the packets… hence getting passwords and your e-mail address which might be used on other sites as username and password.
Thanks for covering this story. This type of security flaw does not only affect Tumblr, we wrote an article about how users can protect their social media accounts like Linkedin and Facebook from similar security weaknesses.
http://www.doctrackr.com/blog/bid/318540/Is-Your-Social-Media-Secure-Privacy-Tips-from-Tumblr-s-Failure