There's "no evidence" that anyone exploited the bug, and "nothing to suggest" someone accessed unprotected info, Tumblr said. This doesn't completely rule out an intrusion, but there's no immediate sign of trouble.

This isn't as large an incident as the recent Facebook hack or Twitter's direct message bug, but it's still serious. Tumblr's code would have let attackers obtain info they could use for phishing scams, harassment and other campaigns. The transparency helps, but it also reinforces notions that data security is an ongoing problem at internet giants.