Bitly, a leading URL shortening service, is currently grappling with a significant data breach that puts user account credentials at risk. In a blog post released yesterday, the company alerted its users that their account details may have been compromised in an incident involving potential unauthorized access to sensitive information.
Mark Josephson, CEO of Bitly, acknowledged the breach, stating, “We believe that Bitly account credentials have been compromised, including email addresses, encrypted passwords, API keys, and OAuth tokens.” However, he emphasized that, to date, there is no evidence indicating that any user accounts have been directly accessed by hackers.
Established in 2008, Bitly has become essential for users seeking to shorten URLs for easier sharing. Privately owned and headquartered in New York City, Bitly processes over one billion shortened links monthly while offering a robust analytics platform that supports brands in optimizing their social media reach.
Bitly’s response includes disconnecting all users’ Facebook and Twitter accounts from the service to reduce the risk of exposure. Users are encouraged to change their passwords and then safely reconnect their social media accounts. The company has not provided detailed information on the attack vector or on whether other types of data were also intercepted beyond account credentials.
The company has taken proactive security measures to address vulnerabilities exploited during the incident. Bitly served as the default link shortener for Twitter until 2009, when the platform launched its own shortening feature.
In light of the breach, all users are required to reset their passwords, API keys, and OAuth tokens in accordance with Bitly’s instructions. Josephson strongly advised users to follow these steps for enhanced security, reinforcing the importance of protecting sensitive account information from future risks.
To reset their API key and OAuth token, users should log in to their accounts, navigate to ‘Your Settings,’ and open the ‘Advanced’ tab to initiate the reset process. They must also review which applications are connected to their Bitly accounts to ensure no unauthorized access persists.
Bitly stated, “We have taken proactive measures to secure all paths that led to the compromise and to ensure the security of account credentials going forward. We take your security and trust seriously.” This statement highlights the company’s ongoing commitment to its users as investigations continue into the sources of the breach.