Bitly gets hacked, prompts password reset for all accounts

Website publishers will have to reauthorize Twitter and Facebook sharing as well.

URL shortening service Bitly has reset all user passwords in response to being hacked.

"We have reason to believe that Bitly account credentials have been compromised," Bitly wrote in a blog post. "We have no indication at this time that any accounts have been accessed without permission."

Bitly didn't give any details on how the attack occurred, and didn't say if any other information was stolen besides account credentials. The company says it has taken "proactive measures to secure all paths that led to the compromise."

In addition to resetting all passwords, Bitly has also invalided all Twitter and Facebook credentials, so publishers will have to reconnect these accounts before posting via Bitly. Users will also have to reset their API keys and OAuth tokens, following the instructions on Bitly's blog.

The compromise doesn't appear to affect people who don't sign into Bitly, and are only using it as a basic link-shortening service. But it does affect registered users who take advantage of tools like saved links, stat tracking and social network sharing. The attack will mainly cause headaches for website publishers who use Bitly to share and track story links.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags internetFacebooktwittersocial networkingInternet-based applications and servicesWeb sites

More about Facebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Jared Newman

Latest Videos

More videos

Blog Posts