Users of Tumblr's iPhone and iPad apps should download the latest update without delay, following what the service describes as a "security lapse". They should also update the password they use for Tumblr and other online services, if they are in common.
User passwords were allegedly being sent over the internet unencrypted, making it easy for fraudsters to harvest their login details. For the many people who use the same login for some or all of their online activities – including banking – there would be a potential risk of unauthorised access to these services.
Tumblr's Vice President of Product Derek Gottfrid says in a post: "We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now." The post continues: "If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It’s also good practice to use different passwords across different services by using an app like 1Password or LastPass. Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience."
Tumblr users who access the site via Windows or Android devices appear to have been unaffected.
Tumblr has recently been acquired by Yahoo!