Bitly Customer Credentials Likely Exposed in Breach
URL shortener Bitly has been breached and clients’ account credentials have been compromised, the company announced in a blog post.
The company has disconnected all users’ Facebook and Twitter accounts from its service as a precautionary measure. Bitly also warns customers about the urgency of securing their accounts and recommends changing the API key and OAuth token, resetting the password, and reconnecting Facebook and Twitter accounts.
“We invalidated all credentials within Facebook and Twitter. Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles,” said Mark Josephson, Bitly’s CEO.
Bitly is a free US-based service, established in 2008, that shortens approximately one million website URLs per month to be posted on social media channels. Clients include The Huffington Post, the Weather Channels, Nokia and Gap.