Data breach leaves Bitly accounts compromised
URL reducer comes up short after malicious attack
Bitly has confirmed its account holders' credentials may have been compromised by a malicious attack.
The website is used by millions of people to shorten links for posting on social media. Account holders link it to their Facebook and Twitter profiles, meaning their social media accounts might now also be at risk.
In a blog post, chief executive Mark Josephson assured readers "the team has been working hard to ensure all accounts are secure."
Bitly said the company has no reason to believe any accounts have been accessed without permission. As a security precaution, however, it has shut down all Facebook and Twitter-connected accounts.
"We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward," added Josephson.
A step-by-step guide has been posted on the blog, directing users to reset their API keys and security settings. Bitly also advises users to disconnect and reconnect from any applications that use the service and reset their passwords.
The URL service launched its website in 2008 and gained popularity the following year as the default shortening service used on Twitter. The company also offers a paid enterprise solution used by firms The New York Times and Pepsi for their social campaigns.
The company has yet to respond to a request for comment.
2021 Thales cloud security study
The challenges of cloud data protection and access management in a hybrid and multi cloud worldFree download
IDC agility assessment
The competitive advantage in adaptabilityFree Download
Digital transformation insights from CIOs for CIOs
Transformation pilotes, co-pilots, and engineersFree download
What ITDMs did next - and what they should be doing now
Enable continued collaboration and communication for hybrid workers