If you use the iOS app for the popular microblogging and photo-sharing service Tumblr, make sure to download version 3.4.1 (or later) right away to avoid a security vulnerability that could allow an attacker to sniff your Tumblr password in transit. And, of course, change your password on Tumblr and any other sites that might share the same password!
The implication from Tumblr’s brief blog post apologizing for the lapse is that certain versions of the app were transmitting your password in the clear, such that anyone listening in on Wi-Fi traffic on a public hotspot, for instance, could see your password. Lest you feel secure in the fact that no one in the coffee shop where you’re working looks sketchy, remember that the Wi-Fi network is undoubtedly accessible from various nearby locations. Even more concerning is the fact that Wi-Fi sniffing software could be an automated process installed by Windows malware and running unnoticed on a compromised PC in the office next door.
I don’t suggest such a scenario to induce paranoia, but to illustrate why the detailed advice that Joe Kissell gives in “Take Control of Your Passwords” is so important. In this case, you have some control over whether your Tumblr password is exposed — only those using a previous version of the Tumblr app on a Wi-Fi network that was being sniffed need worry. But you have no control over whether a company’s account system is hacked, so all that protects you when that happens are strong passwords that are never reused across multiple sites.
Stay safe out there.