For those of you who may use or even peruse Tumblr, now may be the time to change passwords and take other such security measures. Just today Tumblr posted an announcement stating that a flaw was found in their "Recommended Posts" widget. The flaw was reported by a security researcher and sent to Tumblr's Bug Bounty program. The flaw was large enough that Tumblr won't even reveal the full details of the bug. However, it is known that if you were using developer tools wisely you would be able to find information such as the posters email address, protected account passwords, self-reported location, previously used email addresses, last login IP addresses, and names of the blog associated with every account.
After all the major data breaches experienced by Twitter, Facebook, Google and countless others, you would think that a company as large as Tumblr would notice something like this. They must be too busy reading all the blog posts that come down the pipeline to be bothered with something as important as account security.
Check out the full article on The Hacker News below.