—
From Tumblr staff blog, although you can find more information about this human error: Security hole spotted in Tumblr (I know, I know, but you must admit it’s funny they treat a human error as security hole).
Some sensitive souls are wondering if it’s OK to disclose that kind of information once one finds the problem, and this comment has a good point about it:
If someone’s fly is unzipped, I’d point it out because that’s the sort of accident that can happen to even the most competent and discerning.
If someone’s pants are sagged around their knees, I expect them to have noticed this themselves, and by walking around in public they’ve accepted the possibility of ridicule.
Yes, I would say that’s a pants down kind of issue.
And then some people start blaming PHP, while the truth is more simple and mundane: someone mistyped the opening PHP tag, and this code went live. That’s all.
Btw, I hope you’re not using a valuable password in your Tumblr. I’m not talking about mistyped tags but about not providing SSL access when you’re logged in the platform.
