Tumblr says the it found 'no evidence that this bug was abused, and there is nothing to suggest that unprotected account information was accessed'
MANILA, Philippines – Tumblr disclosed on Wednesday, October 17 (October 18, Manila time) it had patched a bug on its site that could have exposed the information of some of its users, though they said there was no evidence pointing to the bug being exploited.
According to Tumblr's disclosure, the bug was found on the Recommended Blogs module on the desktop version of the site. If a blog appeared on the module, debugging software used a specific way could allow someone to view account information associated with the blog.
"Hashing" and "salting" a password refer to additional cryptographic processes that make it harder to crack a password.
Tumblr added it "thoroughly investigated any way in which our community could have been affected."
It found "no evidence that this bug was abused, and there is nothing to suggest that unprotected account information was accessed."