Tumblr's Security Breach Downplayed as Time Goes By

By Kenna McHugh Comment

“Time heals all” may play an important role in blogging platform Tumblr’s snafu this last weekend. The company is downplaying the significance of a security breach, according to Mashable.

The calamity began with an obvious tweet Saturday morning letting folks know security breach in the platform of Tumblr occurred. “OMG… The Tumbeasts are spitting out passwords!”

Like most castrophoric tweets, the retweeting commenced and flooded Twitter like a tsunami, foretelling the world doom is near because of a coding error. A security hole was opened wide and possibly revealing users’ passwords, server IP addresses, API keys and personal information.

To error is human and Tumblr admits a human being made the mistake which led to the exposure of “sensitive server configuration information”, but not the rumored disclosure of users’ login details. The platform fixed the situation just a few hours after its detection and is now reviewing its dealings to make sure similar calamities are prevented.

If you visit the official Tumblr page, you will see a note: “We’re triple checking everything and bringing in outside auditors to confirm, but we have no reason to believe that anything was compromised, We’re certain that none of your personal information (passwords, etc.) was exposed, and your blog is backed up and safe as always.”

I hope that brings relief to its users, but it does bring up the question of security, which, according to The Hacker News and elsewhere in the community believe the culprit was a errant piece of PHP code. So, it’s not out-security it’s miss-spelling.

Tumblr’s purpose is to make blogging easier for users who want to post images and videos ono a short-form blog with a total of 15 million users.