Tumblr takes a security fallBy Ryan Noik 18 July 2013 | Categories: news
Tumblr has urged users of its iOS app, as well as those who have logged into their account online using Wi-Fi, to change their passwords “immediately.”
For the former, the company has further encouraged users to update the app on their iOS device. The cause of the sudden consternation is the discovery of a failure in Tumblr’s security protocol, that allowed users’ passwords to be compromised.
This meant that those who could ‘sniff’ Wi-Fi traffic would be able to see users’ passwords in plain text, and not just password reminders either. Clearly this is not something someone who values their identity on the blogging network or other sites using the same password would aim for.
Tumblr face meets egg
The company has further asked its users to also change its password both on Tumblr and anywhere else they may have been using the same password.
According to a report in The Register, one of its readers discovered that the Tumblr app did not log users in using a secure server (SSL) while evaluating the app for possible use on a corporate network.
The misstep on the company’s part is likely more than a little bit embarrassing, particularly as the use of secure connections by social networks is common place. The mistake comes after its acquisition by Yahoo! for a cool $1.1 billion (R10 billion) two months ago. We do wonder though, whether Yahoo! would have been quite so quick to snap up the blogging platform had this happened prior to May, at least, at that price.
Tumblr has, of course, apologised for the oversight, stating, “Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.”
To the point
Granted, every company makes its mistakes – at companies run by imperfect human beings – and no doubt, the security hole will be fixed and in due course, forgotten. However, in an era where privacy is becoming a controversial issue in its own right, this misstep does bring to light another, interesting consideration: exactly what is the value of users’ passwords?
Indeed, to our minds passwords – as being a common line of defence – may well be viewed as commodities in their own right. Obviously, the value of the information that passwords protect is not equal – with a password that protects financial access ranking considerably higher than a password that protects one’s profile on a social network.
However, given that many people use the same password for multiple sites and user accounts, a breach of password information on any site may just carry the same level of concern.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?