The social media site Tumblr disclosed that it was able to head off a potential cybersecurity issue when its bug bounty program revealed a vulnerability that could have exposed user PII.
The flaw was in Tumblr’s “Recommended Blogs” feature for logged-in desktop and mobile users.
“If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog,” Tumblr reported in a statement on the incident.
Tumblr does not believe the vulnerability was exploited or that any user information was accessed, but had it been exploited, an unauthorized person could have obtained email addresses, hashed and salted passwords, locations, previously used email addresses, last login IP address and the name of the blog associated with the account.
The company said the flaw was fixed within 12 hours of being reported and that enhanced monitoring has been installed to detect and prevent similar problems from happening again.