On Tuesday, Tumblr released a “very important” security update for the iPhone and iPad apps to address a vulnerability that, in certain circumstances, could have been exploited by cybercriminals to compromise passwords.
The Yahoo-owned company advises those who have been using these apps to change their passwords on Tumblr and on any other services where the same passphrase is used.
Tumblr hasn’t made public the details of the vulnerability, but the company has revealed that the passwords could have been “sniffed in transit on certain versions of the app.”
Experts have told The Register that the iOS apps failed to log users in over a secure connection, thus allowing cybercriminals to intercept plaintext passwords by sniffing the network traffic.
Such vulnerabilities can be dangerous since many users connect to their social media accounts via unsecured public Wi-Fi networks.