Security notice

Earlier this afternoon, during alterations to our administrator code, access to certain administrator controls was incorrectly exposed for 40 minutes.  This was immediately corrected after coming to our attention, and we proceeded to audit our access logs.

27 registered email addresses were exposed (those accounts have now been contacted), and 1 account had data altered that was immediately restored.  No other accounts were affected, no passwords are stored in plain text, and all data is backed up and journalled.

Obviously, the privacy, reliability, and integrity of your data are our single most important responsibility.  We screwed up today, and we cannot possibly express our remorse.  While we are taking further measures to make sure nothing like this can happen again, please know that your data integrity is already our single biggest consideration.

If there’s anything we can explain or clarify, you can reach us at support@tumblr.com.

We’d also like to make a special apology to Julia Allison, whose account was temporarily affected by our mistake.

65 responses to “Security notice”

  1. We still love you, Tumblr.
    Everyone spazzes out sometimes.

  2. Kudos for the fast response and the honesty. Wish other companies would follow suit (Hello CCP? http://preview.tinyurl.com/5y68ok)

    Bad Karma to TechCrunch for being dorks and publishing it super quick, eh?

  3. The time it took you from being aware of the fact until it was fixed was impressive. Much luv to Tumblr still. Mistakes are human, &c.

  4. Thanks for letting us know! You guys are awesome.

  5. Just read about this on Techcrunch. Glad you guys are quick. Makes me wonder, is there a way to back up your Tumblr entries or are you just SOL if things go terribly wrong?

  6. That’s right peter, shoot the messenger.

    It’s tumblr that screwed up

  7. Privacy? funny, all that the scammers have to do is read our logs. :-) Most are usually just short of including social security numbers, but barely.

    Thanks though. G.

  8. No problem, Tumblr! Everyone loves a company which can admit & correct its mistakes!

  9. Thank you for this notice. Tumblr gets more respect in my book for being both upfront and honest about their mistakes.

  10. don’t worry, you’ll have to organize a party to make us feel right :D

  11. Thanks for the prompt communication, honest disclosure, and mea culpa. You set a good example for others.

  12. awwww :(

    it’s ok :)

  13. Thanks for the notice. Your service is better than any other blogging site I’ve been on! (And that’s saying quite a bit.)

  14. You guys were fast to respond to the problem.
    This is one reason why tumblr is great besides that they really read their support mail and fix problems immediately.

  15. Way to go you guys, handled maturely and appropriately. Very Professional but admitting it and not hiding anything, Another reason to love tumblr!

  16. Don’t worry about it. Stuff happens. I blame Techcrunch for this mishap though – http://www.techcrunch.com/2008/04/15/major-security-hole-at-tumblr/

  17. I am with you guys. Well done tumblr. Shame on tech crunch.

  18. Brandon Patterson

    Everyone makes mistakes =]

  19. I appreciate the transparency and honesty David. Thanks for being awesome!

  20. Good on you for being so upfront and quick to fix. It’s impressive and great to see.

  21. @verbal@janella.com: You can use the JSON API to back up your entries. Here is a Python script for doing that: http://time-loop.tumblr.com/post/21172056 .

  22. Aww, thanks for the fast response and honesty, Tumblr!

  23. It’s pretty hard to get mad about a free service, especially when any issues with it did nothing to affect me. I admire the upfront honesty… in this age of corporate scandals, it’s quite refreshing.

  24. no worries tumblr. i love you.

    it was someone posting on hackernews first then techcrunch.

    by the way, how weird is it that this is a wordpress blog?

  25. Hey, it happens to the best of us…
    Everybody makes mistakes…everybody has those days…ACK!!! I did not just have a Hannah Montana moment…anyway, good job on the quick response. On the bright side, it could’ve been worse…

  26. dur! just saw the link on the right. haha. oops.

  27. must agree; we still love you

  28. No worries Tumblr. This app shreds. S H R E D S!

  29. I wish more services were as upfront and honest about their screw-ups as Tumblr. Way to show some integrity! :)

  30. Thanks for being honest; not a lot of folks would own it like that.

  31. I agree with snorgy and steph. Thank you for the honesty, we love you for it :)

  32. Techcrunch is a total douchebag for posting this for everyone to see before it was fixed.

  33. thanks for being transparent. love you tumblr more. you won my loyalty.

  34. Hooray!!

    This is the second time I have felt obligated to congratulate you on the best practice professionalism that you display in dealing with things like this.

  35. I appreciate your guys’ commitment to protecting your users. Especially for a free service. Your ability to recognize the problem, fix it, and post an explanation so quickly is totally commendable. Keep up the great work!

  36. Can’t blame you guys…it happens to everyone~

  37. Thank you for dealing with this with such class and honesty! Very refreshing.

  38. Thank you for being open and honest with us. And for quickly rectifying the error. We all make mistakes and learn.

  39. Thanks for being there and doing what you are doing – and for the open communication!

  40. My layout is gone and I can’t pick a new one?

  41. Don’t Worry, Fellas! THAT’S THE INTERNET

  42. ‘preciate it. Great job Tumblr.

  43. Just shows that you guys are human.

  44. Nobleness & Integrity are best expressed with direct honesty, Thank you for exhibiting these traits by example. Well done in all accounts!

  45. Good looking out – Thanks!

  46. You are right to be concerned with the security of data entrusted to you. I am impressed by your knowledge of the timing of this regrettable incident and the promptness with which you dealt with the problem. I am sure other users will agree: tumblr wins hands down for web 2.0

    Hurrah!

  47. Kudos to the team!! Rarely I see this kind of message in the IT community!

    again, many thanks for this lovely tool to express ourselves!
    Dario, from Argentina!

  48. hey it’s okay guys, i still luv ya!

  49. I wonder how the hackers get to know the vulnerability in such a short time and start exploiting it. I appreciate you being so frank and honest in sharing this unfortunate experience; I know some sites which do not mention such negative events at all.

  50. yea you guys are amazing. don’t worry bout it

  51. Ah, fast reaction, happy that not a lot of people were affected

  52. Well, some problems happened but that’s okay :) Thank you very much for letting us know and grab the immediate action :D You guys rock! :D Thanks, once again :)

  53. Nice alert system you have going. Fits right in.

  54. it was me… I DID IT !!!

    j/k obviously…

    big ups for being so upfront… you guys are R.A.D !!!

  55. Pingback: Major Security Hole at Tumblr

  56. In the interests of transparency, why don’t you explain what happened to the people’s blogs who were exposed.

    I was on Julia Allison’s blog yesterday and it had been hacked with a disgusting picture of a man’s ass, a javascript popup that said ‘I hate n*ggers’ and the browser window kept replicating. What is that all about? How do we know that it won’t happen to us?

  57. Pingback: www.ubraniaroxy.pl » Blog Archive » Major Security Hole at Tumblr

  58. Quick response, guys, but should we thank anyone for giving the queen of narcissism, Julia Allison, more space for her bubbleheaded brand of self-promotion?

  59. You guys are so honest. I have no doubt that all of us Tumblr users are in very good hands.
