The world-famous URL shortening service bit.ly has been hacked. To prevent problems with user accounts, bit.ly has decided to reset all users’ passwords.
In a blog post, bit.ly said “We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens.” They also said that they had no indication at this time that any accounts have been accessed without permission.
To prevent any further issues with user accounts, bit.ly also removed all users’ Facebook and Twitter account connections. This means that all bit.ly users have to reconnect these accounts once they log in with the new password. Users are also requested to reset their API keys and OAuth tokens by following the instructions given in the blog post.
They also said “Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles.”
The company has also provided instructions for users to reset their API key and OAuth token:
Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
Go to the ‘Profile’ tab and reset your password.
Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
There are no details about how the security breach happened, but bit.ly’s CEO Mark Josephson said, “We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward.”
This security compromise doesn’t affect users who just use bit.ly for URL shortening; it will affect users who are registered and use features like link stats, traffic, etc. The company has said that it has taken enough action to prevent any damage to user accounts.