Tumblr released a “very important” security update for the iPhone and iPad apps to address a vulnerability attackers could exploit to compromise passwords.
Tumblr, owned by Yahoo, said those who have been using these apps should change their passwords on Tumblr and on other services where they utilize the same passphrase.
Tumblr has not the details of the vulnerability public, but the company said the passwords could have been “sniffed in transit on certain versions of the app.”
The iOS apps failed to log in users through a secure connection, thus allowing cybercriminals to intercept plain text passwords by sniffing the network traffic, security researchers said.
Such vulnerabilities can be dangerous since quite a few users connect to their social media accounts via unsecure public Wi-Fi networks.