Tumblr sent in plain text passwords in iOS app
During the night of 16 to 17 July at tumblr have been very busy and nervous, because nothing else see that his application for iPhone and iPad was updated and the App Store, Tumblr has issued an urgent notice asking all users this … Posted social network? they actualizasen ASAP application, and change the password of Tumblr and any other service that uses the same password.
Although the note in his own Tumblr blog was not any information that has Security problem this application, confirm that The Register has been one of the most stupid security problems possible: Tumblr Passwords sent in plaintext, unencrypted .
This is the less, reportable. Tumblr, service recently acquired by Yahoo! , is focused on providing a single platform to publish all content under a social layer in which anyone can follow other Tumblelogs and “rebloguear” content. Its application for iPad and iPhone have been widely acclaimed for its design, including proposals as an example by Apple advertising campaigns, but it seems that security has been one of the strengths to improve on Tumblr.
The person who discovered the security breach did see it because it was investigating the security of certain apps to see if you can use a business level. To his surprise, he found that with an application as easy to use to scan the network traffic as Wireshark , the password is sent in plain text, unencrypted.
For Tumblr was advised of this decision updated the application that is already available in the App Store, but it certainly leaves a very serious question of security in Tumblr, a service used by millions of people and is now a subsidiary of Yahoo.
Although highly unlikely, that your password was stolen on Tumblr for IOS you should be connected to a Wi-Fi network where someone should be scanning the net for information.
– Important security update for iPhone / iPad users (Tumblr Staff)
– D’OH! Use Tumblr on iPhone or iPad, give your password to the WORLD (The Register)