Bitly Attacked, Advises Users to Reset Accounts | eWeek
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Bitly Attacked, Advises Users to Reset Accounts

Bitly Attacked, Advises Users to Reset Accounts
Written By
Sean Michael Kerner
Sean Michael Kerner
May 9, 2014
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The CEO of Bitly publicly admitted on May 8 that the company’s URL-shortening service was compromised.

Bitly CEO Mark Josephson blogged that compromised credentials include users’ email addresses, encrypted passwords, API keys and OAuth tokens. OAuth tokens are used to connect a Bitly account to identity systems from Facebook and Twitter for user access.

The Bitly service is widely used on the Web and on social media sharing services as a way to provide users with short links for longer Web addresses. The privately held firm shortens a billion links per month.

Though Bitly admits to being compromised, company officials said they are not aware of user accounts being accessed without permission. That said, Bitly is taking measures to limit the risk.

“For our users’ protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts,” Josephson said. “Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles.”

Josephson advises Bitly users to now log in to their accounts and reset the required OAuth token to connect and enable access from Facebook and Twitter.

While Bitly users can choose to sign up for a Bitly account and have that account connected to Facebook and Twitter, that’s not the only method they can use Bitly to shorten a link. On the Bitly.com site, there is an interface that enables anyone to shorten a single link without the need to sign up for an account or to connect via Facebook or Twitter. Having a Bitly account, however, does provide users with additional features for link tracking.

Bitly also enables users to create an account with a username and password that is not linked to the user’s Facebook or Twitter accounts.

Although there is no public indication currently of how the compromise may have occurred, Bitly is reassuring its users that the service is now secure. “We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward,” Josephson said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Sean Michael Kerner
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information