The Personal Details of 35 Million Americans Have Been Exposed via an Unprotected Database
Last updated September 25, 2021
A critical vulnerability was found in Tumblr’s popular Recommended Blogs feature that is home to over 440 million blogs. The bug allowed attackers access to private data of users which includes email addresses, passwords, location data, previously used email addresses on Tumblr and IP addresses. This is not the first time the social media platform had its hands full with a security exploit. In 2016, it was revealed that private data of 65 million users was exposed due to a breach that took place in 2013.
The bug has already been fixed, and Tumblr revealed that no user action is needed for security purposes. The vulnerability was found in the desktop variant of the social media platform only, and mobile users were not affected. This is the third major incident in the world of social media. Both Google and Facebook suffered major security breaches recently that have compromised private data of tens of millions of users around the world.
After investigating the breach, Tumblr found out that there were no signs of any user data being affected despite the vulnerability. The bug was found by security researcher(s) who reported it via Tumblr’s bug bounty program. The social media platform was quick to act and patched the vulnerability in 12 hours. So far, no accounts have been identified that may have been compromised, and the bug was rarely present according to the company.
The company decided to reveal the vulnerability because of its commitment to transparency. Tumblr has promised to improve its security practices and deploy better analysis and monitoring procedures to quickly identify and patch any similar bugs going forward.
What do you think about the security issue at Tumblr? Let us know in the comments below. Also, make sure to follow us on Facebook and Twitter. Thanks!