Data breach leaves Bitly accounts compromised
URL reducer comes up short after malicious attack
Bitly has confirmed its account holders' credentials may have been compromised by a malicious attack.
The website is used by millions of people to shorten links for posting on social media. Account holders link it to their Facebook and Twitter profiles, meaning their social media accounts might now also be at risk.
In a blog post, chief executive Mark Josephson assured readers "the team has been working hard to ensure all accounts are secure."
Bitly said the company has no reason to believe any accounts have been accessed without permission. As a security precaution, however, it has shut down all Facebook and Twitter-connected accounts.
"We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward," added Josephson.
A step-by-step guide has been posted on the blog, directing users to reset their API keys and security settings. Bitly also advises users to disconnect and reconnect from any applications that use the service and reset their passwords.
The URL service launched its website in 2008 and gained popularity the following year as the default shortening service used on Twitter. The company also offers a paid enterprise solution used by firms The New York Times and Pepsi for their social campaigns.
The company has yet to respond to a request for comment.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now