Tumblr updates iOS app, fixes important potential password security issue

Tumblr for iOS has been updated with an important security fix. According to Tumblr's blog post, there was an issue in the app that allowed for a user's password to be compromised in certain circumstances.

While Tumblr has not yet released the full details of the bug, iMore was able to independently confirm a security issue in version 3.4 of the Tumblr app with logging users in. Specifically, when a user logs in, the request containing their username and password is sent in plaintext over HTTP rather than being sent securely over HTTPS. This means that if a person logs in while on an unsecured wireless network, another person on that network could sniff their traffic and acquire their username and password. All users should update to version 3.4.1 which fixes the bug. Tumblr also encourages all users to change their Tumblr password in case it was compromised.

Tumblr isn't the first app to have a bug like this, but it is notable that they apparently fixed the bug immediately after learning about it.

Nick Arnott