A security researcher discovered a security vulnerability in Tumblr’s “Recommended Blogs” feature. The vulnerability could have allowed hackers to steal login credentials and other private information for users’ accounts. Affected information included users email addresses, protected (hashed and salted) account passwords, passwords, self-reported location (a feature no longer available) Tumblr says it found no evidence of the bug being abused by an attacker. The company fails to determine which specific accounts were recommended via the vulnerable feature, thus is unable to disclose the number of affected users.
Source: https://thehackernews.com/2018/10/tumblr-account-hacking.html