Bitly published an urgent security warning on Thursday saying it suspects that users’ account credentials have been compromised.
The company noted that it has no evidence of unauthorized access to any accounts, but it disconnected users’ Facebook and Twitter accounts just to be sure.
Users should take the following steps to reset their OAuth tokens, API keys and password, and then reauthorize connected applications:
1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Bitly said it has taken “proactive measures” to block the breach and protect user data. Unfortunately, the company’s statement isn’t very clear on what happened, so it raises a lot more questions than it answers. I’ve reached out to Bitly for more information, but for now, you’ll just have to trust Bitly that the steps it outlines in its blog will keep your account secure (and assume that it hasn’t been compromised already).
Update: Bitly declined to provide more information, instead pointing to its blog post and Twitter account.
Update 2: Bitly has provided more information about the issue, warning that “users’ email addresses, encrypted passwords, API keys and OAuth tokens” have been compromised. It is recommending that all users go through the above steps.
➤ Urgent Security Update Regarding Your Bitly Account [Bitly blog]