After Bitly was compromised this week, the company has shared more information, in a post on its blog, on what actually happened to the service yesterday.
The company says that it discovered unusually high traffic to a backup of the service’s source code that wasn’t initiated internally. After quickly determining that a staff member’s account had been compromised, the company immediately invalidated all Twitter and Facebook credentials and forced internal password resets to ensure user security.
Bitly says that no production data was accessed or changed, and that as a result of the attack it is accelerating development on a number of security-related projects, including two-factor support and email notifications of password changes.
It is also reassuring users that, while passwords were accessed, they are encrypted and so relatively safe. We’d still recommend you change your passwords in any case, just to be sure.