This shouldn’t really have surprised anyone, but…

I was this many years old when I found out that Tumblr has had far more data leaks than they have come clean about. However, I tend to run in the right circles to make myself privy to that sort of information — I grew up around hackers and programmers, and I consider them “my people” before I would consider anyone else my people. It was humorous to find out that someone with… insider information on the May 2022 data leak for Tumblr had actually found my blog, read the posts that I had written in it about security concerns, and validated them by contacting me on Discord to let me know that all of my security concerns were correct. I was then walked through the exploit used to get into Tumblr’s back end and how one would… keep getting into Tumblr’s back end, and I was told what the hackers could do (and perhaps what they were most interested in doing), which I wrote about in more the last blog post of mine that addressed the data leak.

Again, I tried to bring this up to Tumblr in the form of Tweets directed to them. And again, I was literally ignored by Tumblr. If they want to ignore an active data breach that exposed passwords in plain text, that’s fine by me. I don’t have an account on their website any more, and I have absolutely no inclination on ever making one again if this is how things are going to be. I don’t think I’ve ever truly seen a website so utterly incompetent — they couldn’t even bother responding to me to thank me for my concerns, and I already know that their “site security” (if you can even call it that) has not addressed the exploit that the hackers literally uploaded to facilitate ease of use continuing to get back into Tumblr’s back end because it is seriously still there. I mean, how can you ignore security issues that are this glaring when there is tangible proof that they exist and are actually there? Do you not care about the safety of the information that users of your site post?

Leave a Reply