In another episode of the security breach of a major online service, Bitly was recently hacked and its user credentials compromised. The company has since sent out an alert, prompting its users to change their passwords.
This isn’t the first time Bitly is in the middle of a security crisis. Only two months earlier, the link-shortening service came under a heavy DDoS attack, which is typically meant to disrupt a service’s security or knock it offline. This time, it seems that the hackers were able to breach the security and lay their hands on the passwords of the users.
In an official blog post, Bitly’s CEO Mark Josephson said, “We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission.”
As a result of the breach, Bitly has disconnected the linked Facebook and Twitter account of all its users. The company has further asked all users to reset their passwords and reconnect their social media accounts at the next login. Interestingly, Bitly has also issued an extensive set of steps for the users to follow, in order to secure their accounts. These include:
- Log in to your account and click on “Your Settings,” then the “Advanced” tab.
- At the bottom of the “Advanced” tab, select “Reset” next to “Legacy API key.”
- Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
- Go to the “profile” tab and reset your password.
- Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the “Connected Accounts” tab in “Your Settings.”
The company has officially stated that no suspicious activity on any of the user accounts have been detected and that they have no reason to believe that any of the accounts have been hacked. However, the urgency with which the company is trying to mitigate any such possibility belies that the nature of the security breach was rather serious.