Tumblr Stuff
October 22, 2018
Being transparent about security bugs
Hi Tumblr,
There’s some important information we want to share with you about a recent security bug we’ve resolved. Most importantly, there is no action required of you. We’ve resolved the issue, and have no evidence of this security bug being abused. We still, however, think it’s the right thing to do to let you know.
A few weeks ago, we received a report of a bug involving user account information from a security researcher participating in our bug bounty program, which invites some of the best researchers in the world to test the security of our systems. The bug was resolved by our engineering team within 12 hours of being reported to us, and we’ve taken steps to enhance product monitoring and analysis that will help prevent and detect this type of bug in the future.
The bug was in the “Recommended Blogs” feature on the desktop version of Tumblr. The “Recommended Blogs” module displays a short, rotating list of blogs of other users that may be of interest, and appears only for logged-in users. If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog.
We’ve also thoroughly investigated any way in which our community could have been affected. We found no evidence that this bug was abused, and there is nothing to suggest that unprotected account information was accessed.
We’re not able to determine which specific accounts could have been affected by this bug, but our analysis has shown that the bug was rarely present. When it was, it was possible that certain user account information could have been viewed. This included email address, protected (hashed and salted) password of the Tumblr account, self-reported location (a no longer available feature), previously used email addresses, last login IP address, and the name of the blog associated with the account.
It’s our mission to provide a safe space for people to express themselves freely and form communities around things they love. We feel that this bug could have affected that experience. We want to be transparent with you about it. In our view, it’s simply the right thing to do.
news
PRESS START
Welcome to Tumblr’s official Gaming blog. It was about time we leveled up and started a place to show off all things gaming and eSports on Tumblr. We’re here to connect you with incredible content for the kind of community experience you deserve.
First up—fan art! A Tumblr fave. Want to have your art featured on our blog? Submit your best gaming-themed fan art for a chance to be featured on Fan Art Fridays—a weekly showcase of this talented community’s best stuff. A Winner Is You!
Get ready, Tumblr. This is Gaming.
staff
We hear entering “↑ ↑ ↓ ↓ ← → ← → 🅑 🅐 START” somewhere on @gaming, our latest official Tumblr, unlocks free lives. Go on and give it a follow.
gaming