A Tumblr recommended blogs security bug just might have exposed user data, the company reports in a recent update on its site…
It appears a bug which plagued hit Tumblr’s recommended blog section may have leaked users’ private information. The company admitted as much in a recent blog post. It explains data such as email addresses, passwords, IP addresses, as well as self-reported locations.
Tumblr’s ‘Recommended Blogs’ Tools Exposed User Data
At this time, the company doesn’t know if it did affect individual accounts. But, the site says that an investigation did not turn up any evidence the bug was abused.
“The bug was in the ‘Recommended Blogs’ feature on the desktop version of Tumblr. ‘Recommended Blogs’ module displays a short, rotating list of blogs of other users that may be of interest, and appears only for logged-in users. If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog.”
The security bug was found through a bounty program run by Oath. A security researcher discovered it and claims, if it was present in a user’s dashboard, for someone else to access information associated with that particular blog.