February 23, 2021
Tumblr recommended blogs security bug

Tumblr Admits its ‘Recommended Blog’ Option Exposed User Data

A Tumblr recommended blogs security bug just might have exposed user data, the company reports in a recent update on its site…

It appears a bug which plagued hit Tumblr’s recommended blog section may have leaked users’ private information. The company admitted as much in a recent blog post. It explains data such as email addresses, passwords, IP addresses, as well as self-reported locations.

Tumblr’s ‘Recommended Blogs’ Tools Exposed User Data

At this time, the company doesn’t know if it did affect individual accounts. But, the site says that an investigation did not turn up any evidence the bug was abused.

“The bug was in the ‘Recommended Blogs’ feature on the desktop version of Tumblr. ‘Recommended Blogs’ module displays a short, rotating list of blogs of other users that may be of interest, and appears only for logged-in users. If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog.”

The security bug was found through a bounty program run by Oath. A security researcher discovered it and claims, if it was present in a user’s dashboard, for someone else to access information associated with that particular blog.

This comes at a time when rivals Facebook and the soon-to-be defunct Google Plus are facing their own scandals over user privacy concerns.

William Boleys

Will is an experienced freelance writer who covers a wide range of topics, including apps, social media, and search.

View all posts by William Boleys →