Bitly Gets Hacked, Asks Users to Change Passwords

The company says they've secured all user data going forward.

Uh oh. (Screengrab: Twitter)

Uh oh. (Screengrab: Twitter)

Bitly users’ account information may have been compromised after a recent hack, according to a blog post published yesterday. Now, the company is urging users to change their passwords, as well as reconnect their Facebook and Twitter accounts to the site.

In the blog post, Bitly CEO Mark Josephson provided details on which information, specifically, was compromised:

“We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokensWe have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.

“We are recommending all Bitly users make these changes. Please take the following steps to secure your account: change your API key and OAuth token, reset your password, and reconnect your Facebook and Twitter accounts.

“We invalidated all credentials within Facebook and Twitter. Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles.

If you have nary a clue what your API key and OAuth token are, the blog post also provides detailed steps on how to reset those pieces of data.

The posts concludes by assuring readers that Bitly has “taken proactive measures to secure all paths that led to the compromise and ensure the security of all user data going forward.”