bit.ly urges users to change account details after hackers break in

Bit.ly pufferfish
Bit.ly's security defenses have been overrun

Link-shortening service bit.ly has issued a warning to its users that account information may have been compromised. The firm says there is no indication that any accounts have been accessed, but that it has taken proactive steps to ensure that accounts have been secured.

In order to help protect users, Facebook and Twitter accounts that were linked to bit.ly accounts have been disconnected. bit.ly has advised users to change their API key and OAuth tokens, reset their passwords and reconnect any Facebook and Twitter accounts that may have been disconnected.

Security guidance

The following guidance has been issued to users to ensure the security of accounts:

  • Log in to your account and click on 'Your Settings,' then the 'Advanced' tab.
  • At the bottom of the 'Advanced' tab, select 'Reset' next to 'Legacy API key.'
  • Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
  • Go to the 'Profile' tab and reset your password.
  • Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the 'Connected Accounts' tab in 'Your Settings.'

No specific details of how the suspected attack was carried out have been provided, but bit.ly's CEO Mark Josephson said in a blog post, "We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward."

As part of his blog post, Josephson apologized to bit.ly users and advised that further updates would be announced on the company's Twitter account.