The public mainstream users of popular internet service Tumblr have been notified today that two-factor authentication practices are now recommended as well as a password change on the Tumblr website. Unfortunately this information release forgets to mention some pertinent information, a compromise has occurred through an SSL vulnerability known as the “Bleeding Heart” security hole to hackers who took advantage of this earlier in the week to acquire an unknown amount of personal information.
If you use Tumblr then your password and personal information has just been potentially compromised. Unfortunately, you can’t go changing your name, birthday, home address, phone number, and email on every social profile every time something like this happens. Security Questions and Password Recovery are always a haunting reminder that there’s back-doors to our accounts everywhere.
Long story short, you can change your password. And if the password you use for Tumblr is one that you’ve used on many accounts then those should be considered compromised until also changed. It’s best to establish a password-tier system of low, medium, and high level passwords that you keep based on the importance of each gateway. Even better still, some internet users still have the patience to create a unique password for every service they are a part of.
This security breach is the latest in a long multiple year string of never-ending breaches which have included the breach of PlayStation, Xbox, Steam, Credit Card Companies, Government and Military Databases, Adobe, Google, SnapChat, and many other well known services. Stuff like this often gets swept under the rug unfortunately, and end users don’t always get all of the information. Be sure to change passwords periodically and avoid forgetting and recovering them constantly or you’ll also be filling your data-stream with the info needed for that back-door as well.
Here is the Public Information Release from Tumblr today:
“A major vulnerability has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr. Our team took immediate action to fix the issue, but you should still take some time to change your password, not only on Tumblr but on any other sites you visit.
You should also strongly consider enabling two-factor authentication. It’ll go a long way to ensure that no one besides you can access your account. Thanks, and take care.”
Here is the Public Information Release from MetaCritic today:
“Dear Metacritic User,
Earlier this week, a major vulnerability in the technology that powers encryption across much of the Internet was discovered. Our security team has verified that Metacritic was not affected. If you’re using the same password on a site that has been affected, it’s recommended you change your Metacritic password as a precaution.”
-The Metacritic Team
“A lot of websites are currently reporting vulnerabilities (dubbed the Heartbleed bug) discovered in OpenSSL, the encryption technology used by a majority of websites and/or online services like banks, e-mail providers and social media sites, to protect sensitive data as it’s transmitted from users to web services.
Even though Battle.net’s encryption was not affected by this vulnerability, your account could be at risk, if you use the same password on Battle.net that you use elsewhere (sites affected by this bug). If this applies to you, it’s strongly recommended to change your Battle.net password to a new, unique password (the safest one would contain capitals, numbers and special signs). It’s best for your account safety to maintain separate login credentials for each online service you use. Using the same e-mail and password across multiple services greatly increases the potential impact of any compromise.”
– Blizzard Entertainment via MMOSite
Editor’s Note: RealGamerNewZ has moved web servers, some older posts can no longer be commented on and have been preserved without their images. Thank you for your understanding in this matter. This article was written by Jon Ireson on 20140411 and was last modified on 20140414 .