Tumblr posted a blog post Tuesday night warning users to change their passwords and released a very important security update for iOS users after identifying a breach that compromised their passwords.
It seems that, under certain circumstances, the prior versions of the iPhone and iPad apps would allow an individual with malicious intent to sniff or intercept passwords as they are in transit across a local network. The problem arose because the iPad and iPhone apps fail to log users in through a secure server.
The vulnerability does not seem to have affected Tumblr’s Android app. The company urged users to download the latest version of the Tumblr app, which is available in the Apple iTunes Store.
The company did not provide further details on the breach. It’s also good practice to use different passwords across different services by using an app like 1Password or LastPass.
It doesn’t appear that any passwords got in the hands of malicious individuals, though you should probably listen to Tumblr and change your password just in case.