Bitly gets hacked, prompts password reset for all accounts

Website publishers will have to reauthorize Twitter and Facebook sharing as well.

URL shortening service Bitly has reset all user passwords in response to being hacked.

"We have reason to believe that Bitly account credentials have been compromised," Bitly wrote in a blog post. "We have no indication at this time that any accounts have been accessed without permission."

Bitly didn't give any details on how the attack occurred, and didn't say if any other information was stolen besides account credentials. The company says it has taken "proactive measures to secure all paths that led to the compromise."

In addition to resetting all passwords, Bitly has also invalided all Twitter and Facebook credentials, so publishers will have to reconnect these accounts before posting via Bitly. Users will also have to reset their API keys and OAuth tokens, following the instructions on Bitly's blog.

The compromise doesn't appear to affect people who don't sign into Bitly, and are only using it as a basic link-shortening service. But it does affect registered users who take advantage of tools like saved links, stat tracking and social network sharing. The attack will mainly cause headaches for website publishers who use Bitly to share and track story links.

Tags Internet-based applications and servicessecuritytwittersocial networkinginternetWeb sitesFacebook


Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Protect against bugs in USB Storage devices

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.