Bitly a URL shortening service, based in New York and launched in 2008 was hacked and user credentials may have been compromised. Bitly is used by more than 200 users to share hundreds of millions of links every month. Millions of users, use the Bitly shortening services to post links on various social sites like Facebook and Twitter.
Mark Josephson, CEO of Bitly posted a blogpost said that Bitly may have been hacked and user account credentials may have been compromised.
We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens. We have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.
The company said it had invalidated user accounts from automatically posting to Facebook and Twitter as of now. Which means that Bitly users and blog owners whose shortened links are directly posted on Facebook and Twitter will have to manually do so till Bitly fixes its security issues.
Bitly’s chief executive Mark Josephson wrote: “The team has been working hard to ensure all accounts are secure.” He has also outlined steps users were advised to take.
Following are step-by-step instructions to reset your API key and OAuth token:
1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Subsequently Bitly has published three updates as follows :
UPDATE #1 – MAY 8 at 8:32PM EDT: We have updated the section of this post regarding users who have Twitter or Facebook accounts connected to their Bitly accounts.
UPDATE #2 – MAY 9 at 10:30AM EDT: We have updated this post to explain what specifically was compromised and we’re encouraging all of our users to secure their Bitly accounts by following the recommendations listed below.
UPDATE #3 – MAY 9 at 2:45PM EDT: We have updated this post to address questions regarding the Bitly iPhone app. If you’re experiencing any trouble with the Bitly iPhone app, please update to the latest version found here.