Bad news. A major vulnerability, known as “Heartbleed,” has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr.
We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.
But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.
This might be a good day to call in sick and take some time to change your passwordseverywhere—especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.
You’ll be hearing more in the news over the coming days. Take care.
It’s been almost two years since we last updated Tumblr’s terms and policies. A lot has happened since then!
There are a fair number of changes, so we insist you read them all for yourself. Some notable updates include:
Cleanup to make all of the documents more readable
Updates to reflect changes to our products over the last two years
Information about how we work with our new parent company, Yahoo
Credits for open source projects
Some language that makes it easier for U.S. government organizations to blog on Tumblr
An attribution policy reminding people not to be jerks
Updated annotations (!)
You can review the drafts via the links above. You can also see every change, letter for letter, on GitHub (minus the plain English annotations).
We’re planning to officially launch the new terms soon and we’d really love to hear any questions or concerns. Please write to email@example.com.