We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password.
For additional information on keeping your accounts secure, please visit our Account Security page.
If you’re wondering why you were forcibly logged out of Tumblr with no warning and required to reset your password today, see above.
You know what would have been better than kicking me out and forcing a password change with no explanation, making your homepage look like a phishing site, Tumblr? SENDING OUT AN EMAIL OR SOMETHING.
Wow I’m glad that didn’t happen to me that’s shady as shit looking???
HEY GUYS THIS IS SUPER IMPORTANT:
I’ve already been forced to reset my password just now, but I’ve also seen several people on my dash who have basically lost their blogs because they had those blogs tied to defunct e-mail addresses they no longer had access to - and tumblr is giving no option for resetting your password without access to the e-mail they send you
If you haven’t been hit with the password reset yet - and it seems to be rolling out in waves - this would be a really good time to be sure your e-mail preferences are up-to-date in your tumblr account. If you can’t access the reset e-mail when they send it to you, you’re locked out.
Hopefully they’ll fix this or come up with a work-around, but in the meantime, be prepared.
the most crucial thing to do in the event of a data leak is to CHANGE THE COMPROMISED PASSWORDS ON OTHER SITES
if you are using your 2013-era tumblr password for other websites, and i know that almost everyone goes years and years using the same passwords without changing them, then change the passwords! this is really important.
coincidentally tbh i’ve been going through my online accounts and generating new sets of passwords for my most important accounts using this: http://passwordsgenerator.net/ for apple, 9 characters, upper+lowercase, plus a weird one (like ^ or &) is “strong” security. i just generate them until i get one i can remember for whatever reason. you could also try ‘corrupting’/encoding an uncommon word with these kinds of tricks maybe.
i am super leery of this vague ass press release shit up there because publicly announcing anything makes tumblr potentially liable afaik and the fact that they’re being this vague about “a third party” “obtaining access” should NOT make you assume that your data is safe!!!!!! change ya passwords
having the same (old) (non-secure) password for your entire digital life* means if someone gets that password they have everything. they can get into your sephora account, or your amazon, or your itunes, or your 32 gmail accounts. or the 300 accounts you forgot you have. the possibilities are really unnerving and i don’t mean to be spooky but, yeah
i hope all your tumblr accounts are safe and secure also yall godspeed
* im guilty of this which is why im literally in the process of undoing it right now
