The social media site Tumblr disclosed was able to head off a potential cyber-security issue when its bug bounty program revealed a vulnerability that could have exposed user PII.
"If a blog appeared in the module, it was possible, using debugging software in a certain way, to view certain account information associated with the blog," Tumblr reported in a statement on the incident.
Tumblr does not believe the vulnerability was exploited nor any user information accessed, but if this had been done an unauthorised person could have obtained email addresses, hashed and salted passwords, locations, previously used email addresses, last login IP address and the name of the blog associated with the account.
The company said the flaw was fixed within 12 hours of being reported and enhanced monitoring has been installed to detect and prevent similar problems from happening again.
Originally published in scmagazine.com North America.