Earlier this afternoon, during alterations to our administrator code, access to certain administrator controls was incorrectly exposed for 40 minutes. This was immediately corrected after coming to our attention, and we proceeded to audit our access logs.
27 registered email addresses were exposed (those accounts have now been contacted), and 1 account had data altered that was immediately restored. No other accounts were affected, no passwords are stored in plain text, and all data is backed-up and journalled.
Obviously, the privacy, reliability, and integrity of your data is our single most important responsibility. We screwed up today, and we cannot possibly express our remorse. While we are taking further measures to make sure nothing like this can happen again, please know that your data integrity is already our single biggest consideration.
If there’s anything we can explain or clarify, you can reach us at support@tumblr.com.
We’d also like to make a special apology to Julia Allison, whose account was temporarily affected by our mistake.
65 responses so far ↓
Nik // April 15, 2008 at 5:09 pm
We still love you, Tumblr.
Everyone spazzes out sometimes.
Peter // April 15, 2008 at 5:10 pm
Kudos for the fast response and the honesty. Wish other companies would follow suit (Hello CCP? http://preview.tinyurl.com/5y68ok)
Bad Karma to TechCrunch for being dorks and publishing it super quick, eh?
Simen // April 15, 2008 at 5:14 pm
The time it took you from being aware of the fact until it was fixed was impressive. Much luv to Tumblr still. Mistakes are human, &c.
Niki // April 15, 2008 at 5:15 pm
Thanks for letting us know! You guys are awesome.
verbal@janella.com // April 15, 2008 at 5:17 pm
Just read about this on Techcrunch. Glad you guys are quick. Makes me wonder, is there a way to backup your Tumblr entries or are you just SOL if things go terribly wrong?
// April 15, 2008 at 5:22 pm
Thats right peter, shoot the messenger.
Its tumblr that screwed up
GanderThoughts // April 15, 2008 at 5:22 pm
Privacy? funny, all that the scamers have to do is read our logs. :-) Most are usually just short of including social security numbers, but barely.
Thanks though. G.
Atropos // April 15, 2008 at 5:24 pm
No problem, Tumblr! Everyone loves a company which can admit & correct its mistakes!
Nina // April 15, 2008 at 5:25 pm
Thank you for this notice. Tumblr gets more respect in my book for being both upfront and honest about their mistakes.
Chris // April 15, 2008 at 5:26 pm
Rockin.
axel // April 15, 2008 at 5:29 pm
don’t worry, you’ll have to organize a party to make us feel right :D
Dhrumil // April 15, 2008 at 5:36 pm
I like it!
Tammy // April 15, 2008 at 5:38 pm
Thanks for the prompt communication, honest disclosure, and mea culpa. You set a good example for others.
sahba // April 15, 2008 at 5:39 pm
awwww :(
it’s ok :)
Cody // April 15, 2008 at 5:40 pm
Thanks for the notice. Your service is better than any other blogging site I’ve been on! (And that’s saying quite a bit.)
Synmirror // April 15, 2008 at 5:40 pm
You guys where fast to response to the problem.
This is one reason why tumblr is great besides that they really read their support mail and fix problems immediately.
Cayce // April 15, 2008 at 5:45 pm
Way to go you guys, handled maturely and appropriately. Very Professional but admitting it and not hiding anything, Another reason to love tumblr!
Mirza // April 15, 2008 at 5:56 pm
Don’t worry about it. Stuff happens. I blame Techcrunch for this mishap though – http://www.techcrunch.com/2008/04/15/major-security-hole-at-tumblr/
alex // April 15, 2008 at 5:58 pm
I am with you guys. Well done tumblr. Shame on tech crunch.
Brandon Patterson // April 15, 2008 at 5:59 pm
Everyone makes mistakes =]
Thommy Browne // April 15, 2008 at 6:02 pm
I appreciate the transparency and honesty David. Thanks for being awesome!
Stephanie // April 15, 2008 at 6:04 pm
Good on you for being so upfront and quick to fix. It’s impressive and great to see.
mousebender // April 15, 2008 at 6:05 pm
@verbal@janella.com: You can use the JSON API to backup your entries. Here is a Python script for doing that: http://time-loop.tumblr.com/post/21172056 .
Inggrid // April 15, 2008 at 6:11 pm
Aww, thanks for the fast response and honesty, Tumblr!
Bradtastic // April 15, 2008 at 6:16 pm
It’s pretty hard to get mad about a free service, especially when any issues with it did nothing to affect me. I admire the upfront honesty… in this age of corporate scandals, it’s quite refreshing.
sam care // April 15, 2008 at 6:21 pm
no worries tumblr. i love you.
it was someone posting on hackernews first then techcrunch.
by the way, how weird is it that this is a wordpress blog?
TK // April 15, 2008 at 6:21 pm
Hey, it happens to the best of us…
Everybody makes mistakes…everybody has those days…ACK!!! I did not just have a Hannah Montana moment…anyway, good job on the quick response. On the bright side, it could’ve been worse…
sam care // April 15, 2008 at 6:22 pm
dur! just saw the link on the right. haha. oops.
mfg // April 15, 2008 at 6:34 pm
must agree; we still love you
sharky // April 15, 2008 at 6:42 pm
No worries Tumblr. This app shreds. S H R E D S!
Steph // April 15, 2008 at 6:48 pm
I wish more services were as upfront and honest about their screw-ups as Tumblr. Way to show some integrity! :)
snorgy // April 15, 2008 at 7:02 pm
Thanks for being honest; not a lot of folks would own it like that.
Paopi // April 15, 2008 at 7:29 pm
I agree with snorgy and steph. Thank you for the honesty, we love you for it :)
mindset // April 15, 2008 at 7:31 pm
Techcruch is a total douchebag for posting this for everyone to see before it was fixed.
shzcool // April 15, 2008 at 7:42 pm
thanks for being transparent. love you tumblr more. you won my loyalty.
barnobi // April 15, 2008 at 7:44 pm
Hooray!!
This is the second time I have felt obligated to congratulate you on the best practice professionalism that you display in dealing with things like this.
whit // April 15, 2008 at 7:49 pm
I appreciate your guys commitment to protecting your users. Especially for a free service. Your ability to recognize the problem, fix it, and post an explanation so quickly is totally commendable. Keep up the great work!
photon // April 15, 2008 at 7:52 pm
Can’t blame you guys…it happens to everyone~
Brady Brim-DeForest // April 15, 2008 at 8:02 pm
Thank you for dealing with this with such class and honesty! Very refreshing.
littlempire // April 15, 2008 at 8:12 pm
Thank you for being open and honest with us. And for quickly rectifying the error. We all make mistakes and learn.
Marlyse Comte // April 15, 2008 at 8:13 pm
Thanks for being there and doing what you are doing – and for the open communication!
forgivemenot // April 15, 2008 at 8:19 pm
My layout is gone and I can’t pick a new one?
Tron Guy // April 15, 2008 at 8:41 pm
Don’t Worry, Fellas! THAT’S THE INTERNET
Kim // April 15, 2008 at 8:53 pm
‘preciate it. Great job Tumblr.
Autumn Welles // April 15, 2008 at 8:59 pm
Just shows that you guys are human.
nanc // April 15, 2008 at 9:04 pm
Nobleness & Integrity are best expressed with direct honesty, Thank you for exhibiting these traits by example. Well done in all accounts!
MadisonK // April 15, 2008 at 9:05 pm
Good looking out – Thanks!
zowoco // April 15, 2008 at 9:10 pm
You are right to be concerned with the security of data entrusted to you. I am impressed by your knowledge of the timing of this regrettable incident and the promptness with which you dealt with the problem. I am sure other users will agree: tumblr win hands down for web 2.0
Hurrah!
dario // April 15, 2008 at 9:20 pm
Kudos to the team!! Rarely I see this kind of message in the IT community!
again, many thanks for this lovely tool to express ourselves!
Dario, from Argentina!
excessparty // April 15, 2008 at 9:33 pm
hey it’s okay guys, i still luv ya!
Mohammad Behdad محمد بهداد // April 15, 2008 at 9:44 pm
I wonder how the hackers get to know the vulnerability in such a short time and start exploiting it. I appreciate you being so frank and honest in sharing this unfortunate experience; I know some sites which do not mention such negative events at all.
2rusty // April 15, 2008 at 9:45 pm
yea you guys are amazing. dont worry bout it
tldaily // April 15, 2008 at 9:57 pm
Ah, fast reaction, happy that not a lot of people were affected
Jason // April 15, 2008 at 10:18 pm
Sweet!
Nindya // April 15, 2008 at 10:28 pm
Well, some problems happened but that’s okay :) Thank you very much for letting us know and grab the immediate action :D You guys rock! :D Thanks, once again :)
tab // April 15, 2008 at 10:29 pm
Nice alert system you have going. Fits right in.
kinto // April 15, 2008 at 10:35 pm
it was me… I DID IT !!!
j/k obviously…
big ups for being so upfront… you guys are R.A.D !!!
Major Security Hole at Tumblr // April 16, 2008 at 12:36 am
[...] According to the person who posted the exploit on Hacker News, Tumblr has already been notified of the security hole but apparently has yet to fix it. Update: They’ve just fixed it. It was a known exploit for about an hour. Update 2: Tumblr’s security notice. [...]
MichaelC // April 16, 2008 at 12:08 pm
In the interests of transparency why don’t you explain what happened to the peoples blogs who were exposed.
I was on Julia Allison’s blog yesterday and it had been hacked with a disgusting picture of a man’s ass, a javascript popup that said ‘I hate n*ggers’ and the browser window kept replicating. What is that all about?, how do we know that it won’t happen to us?
www.ubraniaroxy.pl » Blog Archive » Major Security Hole at Tumblr // April 17, 2008 at 12:43 am
[...] According to the person who posted the exploit on Hacker News, Tumblr has already been notified of the security hole but apparently has yet to fix it. Update: They’ve just fixed it. It was a known exploit for about an hour. Update 2: Tumblr’s security notice. [...]
Sven // April 17, 2008 at 1:18 pm
Quick response, guys, but should we thank anyone for giving the queen of narcissism, Julia Allison, more space for her bubbleheaded brand of self-promotion?
Fáelán // April 21, 2008 at 10:57 pm
Ego te absolvo!
Johnny // April 23, 2008 at 3:44 pm
You guys are so honest. I have no doubt that all of us Tumblr users are in very good hands.
thisapple // August 31, 2008 at 9:38 pm
cube university free house usa english dog tom minor australia
Alexwebmaster // March 3, 2009 at 5:08 am
Hello webmaster
I would like to share with you a link to your site
write me here preonrelt@mail.ru