Bitly gets hacked, prompts password reset for all accounts
The largest URL shortening service on the internet Bitly has reset all user passwords in response to being hacked.
“We have reason to believe that Bitly account credentials have been compromised,” Bitly mentioned in a blog post. “We have no indication whatsoever that any accounts have been accessed without permission.”
Bitly didn't provide any details on how the attack happened, and didn't mentioned if any other information was stolen besides account details. The company says it has taken “proactive measures to secure all loopholes that led to the compromise.”
In addition to resetting all passwords, the company has also invalided all Facebook and Twitter credentials, so publishers will have to reconnect these accounts before posting via Bitly. All users will also have to reset their API keys and OAuth tokens, following those instructions on Bitly's blog.
The compromise doesn't appear to affect people who don't log into Bitly, and who are only using it as a basic link-shortening service. But it does affect registered clients who take advantage of tools like saved links, social network sharing and stat tracking. This attack will mainly cause headaches for website publishers who use Bitly to share and track story links.
“We have reason to believe that Bitly account credentials have been compromised,” Bitly mentioned in a blog post. “We have no indication whatsoever that any accounts have been accessed without permission.”
Bitly didn't provide any details on how the attack happened, and didn't mentioned if any other information was stolen besides account details. The company says it has taken “proactive measures to secure all loopholes that led to the compromise.”
In addition to resetting all passwords, the company has also invalided all Facebook and Twitter credentials, so publishers will have to reconnect these accounts before posting via Bitly. All users will also have to reset their API keys and OAuth tokens, following those instructions on Bitly's blog.
The compromise doesn't appear to affect people who don't log into Bitly, and who are only using it as a basic link-shortening service. But it does affect registered clients who take advantage of tools like saved links, social network sharing and stat tracking. This attack will mainly cause headaches for website publishers who use Bitly to share and track story links.
No comments: