Quote:Automattic, the company behind the WordPress.com blogging platform, said it fixed a bug in its official iOS application that might have exposed users' account authentication tokens to third-party websites.
 
"The issue created the potential of exposing security credentials to third-party websites, and only affected private websites with images hosted externally (e.g., with a service like Flickr) that are viewed or composed with the app," the company said in an email it sent to its users this week.
 
"We've fixed the issue and released an updated version of the app to the App Store," it said.

Automattic said no usernames and passwords were exposed, but only "security tokens that the app uses to communicate/authenticate with WordPress.com."