The link-shortening service Bitly posted an urgent security update Thursday stating that the company has reason to believe that account credentials connected to its service were compromised.
The possible breach of account was first reported by Bitly on a Twitter post on the same day. Reactions on the social media sites were varied. Some asked the company to clarify if passwords and emails were stolen or not.
"We have no indication at this time that any accounts have been accessed without permission," Bitly CEO Mark Josephson says in the company blog.
He however notes that the company already took proactive steps for protection of its users, to make sure that all accounts are secure, including disconnection of Twitter and Facebook accounts of Bitly users. These users can reconnect their accounts safely next time they log in.
He also advises that users should do these steps to secure or protect their accounts: change their API key and OAuth token; reset their passwords; reconnect their Twitter and Facebook accounts.
The blog post reveals that the company invalidated all the credentials within Twitter and Facebook, and even though users may see their social media accounts still linked to their Bitly accounts, it is impossible to publish such accounts until the users reconnect their Twitter and Facebook profiles.
To reset the API key and OAuth token, Josephson shares the following:
- Users must log in to their accounts and click "Your Settings" tab, followed by the "Advanced" tab.
- At the end of the "Advanced" tab, choose "Reset" next to the "Legacy API key."
- Copy the new API key and then change the key using the new one in all applications, including mobile apps, share buttons and social publishers.
- Head on to "Profile" tab and then reset the password.
- All applications that make use of the link-shortening service must be disconnected and reconnected. To check which of the accounts are linked, go to the "Connected Accounts" tab in "Your Settings."
He also assures Bitly users that the company already implemented proactive measures to protect all paths that resulted to the said compromise and to guarantee security of all account credentials hereon.
"We take your security and trust in us seriously. The team has been working hard to ensure all accounts are secure," he says, at the same time apologizing to its users for the inconvenience.
Bitly disclosed no further details regarding the possible breach, but it assures that any possible further updates will be posted on its Twitter feed. For specific questions regarding an account, the company can be reached at support@bitly.com.