Keep Your Bit.ly Accounts Safe and Secure
The URL-shortening service Bitly is the latest victim of hackers. According to CEO Mark Josephson’s latest blog update, titled ‘Urgent Security Update’, the company has reason to believe that its users’ data has been compromised. The affected data consists of e-mail addresses, secured passwords, OAuth tokens and API keys.
Josephson mentions in the blog that the company has no indication that any accounts have been accessed without permission. As a preventive measure, however, it has asked all users to reset their account passwords. Bitly has also taken the precautionary step of disconnecting social media profiles to protect all accounts. Users who sign in through their Twitter or Facebook accounts will now have to reconnect those accounts.
This breach of Bitly accounts might be a lucrative opportunity for cyber-criminals, as most Bitly users link their accounts to Facebook and Twitter profiles. This opens the door to sending spam links and campaigns through the service. However, Bitly has not confirmed any such incident so far. Also, as a precaution, if you use the same password for Bitly and any other account, you need to change the password on that account right away, because the compromised Bitly password could be used to gain access to your other accounts.
According to the blog update, the most important step for all Bitly users is to reset their API key and OAuth token. The company's step-by-step instructions for doing so are as follows:
1) First of all, log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) Now, at the bottom of the ‘Advanced’ tab’s menu, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These may include social publishers, share buttons and mobile applications.
4) Now reset your password by going into the ‘Profile’ tab.
5) Disconnect and reconnect any applications that use Bitly. You can now check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Apart from providing basic information about the security breach and a few precautionary steps for users to take, Bitly chose not to explain how it found out about the breach of customer accounts. Moreover, the company has shared no details about exactly which information the hackers might have gained access to.
It is important to note that this security breach does not affect users who use Bitly only as a basic link-shortening service without signing in. However, it does affect all registered users who use tools such as saved links, stat tracking and social network sharing. The attack can also potentially pose a threat to website publishers who use Bitly to track and share story links.
Josephson signs off the blog post with an apology for any inconvenience caused and says that the team is working hard to make sure all accounts are secure and that it takes users’ security very seriously. Users can check the latest updates on the company's Twitter feed: @Bitly. For any account-specific questions, they can send an e-mail to [email protected]