Self-Defeating Security on Tumblr

  • Unknown's avatar
    coldplasmas · Member ·

    Automattic (WordPress.com’s parent company) owns Tumblr, so this would seem to be the only place to talk about this subject. Here’s what happened: along with a few thousand other people, I was forced to move out of my apartment with two day’s notice, because our building manager wanted to do a gut rehab on the building as a resume building exercise. That was horribly illegal, of course, but this being Chicago, the law didn’t really matter.

    I got my possessions (including my computer) into storage quickly, so that they wouldn’t end up on the street. By the time I was able to retrieve those possessions and get back online, I found that I was now locked out of my account (even though I still knew the password for it), because somebody on the Tumblr team thought he had a bright idea. I got to write to them about that.

    I just tried to log in to update both my email address and my password. I do not have access to my old email account (email removed) because suddenly, without warning (or notice to its users), (company name removed) went out of business. The site doesn’t even exist, any more.

    I still have my old password, so I can prove I am me. Your system, however, is getting in my way as I attempt to do so, because it insists on having me use a link that it is sending to an email address that no longer exists.

    I guess you’re trying to keep our blogs secure, but when we’re locked out of them for life, ourselves, just because the third party we’re getting our email accounts from flakes out, is that really security? Functionally, how is that different from having one’s account being hacked? Either way, one loses access because of what somebody else did.

    Here we get to a real problem, and a need for Automattic to get involved. When you acquired Tumblr, you would seem to have picked up a number of former Yahoo employees in the process. Yahoo had a bad habit of responding to problem reports with hand holding form letters that didn’t address the problem, and Tumblr has apparently been doing the same to its users, judging from what I’ve been hearing from some of my fellow users. Eg. the infamous non-https assets bug, which has been in place since the Yahoo days.

    Sorry to barge into the WordPress.com forums, but where else am I go to report the fact that some of your employees have made a habit of being completely unhelpful, and that a boneheaded security idea on one of your sites is locking some of your users out of their accounts, for life?

    Unless your company gets involved, and forces your employees to be reasonable, none of this is going to get fixed. Seriously – nobody at Tumblr ever had the idea than an email provider would go out of business? Shouldn’t there be some provision for that possibility? Is the refusal to build that possibility into Tumblr’s plans really fair to the users of Tumblr?

    Permanently losing access to one’s blog because one’s email provider tanked? How does that make sense? How is that reasonable?

  • staff-mckluskey · Staff ·

    Hi there,

    I’m afraid this is not the right place to get help with your Tumblr account.

    Please reach out to their support team directly via this form:
    https://www.tumblr.com/support.

  • The topic ‘Self-Defeating Security on Tumblr’ is closed to new replies.