Tumblr has released an emergency update for its iOS app to fix a bug that allowed people to sniff out passwords. Tumblr was notified of the security vulnerability today. The company says that if you have been using its iOS apps, you should also update your Tumblr password and your password on any sites where you use the same password. From the company's blog:
Important security update for iPhone/iPad users
We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now.
If you've been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It's also good practice to use different passwords across different services by using an app like 1Password or LastPass.
Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.
¹ "Sniffed" in transit on certain versions of the app
Tumblr can be downloaded from the App Store here. By downloading the latest version you will have closed the password security hole.