According to an announcement made by Mark Josephson, the company’s CEO, Bitly has “reason to believe” that user account credentials have been compromised.
“For our users’ protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts,” Josephson noted in a blog post.
There’s no evidence that accounts have been accessed, but credentials within Facebook and Twitter have been invalidated. While social media accounts may appear connected to Bitly accounts, users must reconnect them before they can publish anything.
In addition to reconnecting their social media accounts, users are also advised to change their passwords, API keys and OAuth tokens.
Passwords can be reset from the “Profile” tab in the “Your Settings” menu. API keys can be changed from the “Advanced” tab by selecting the “Reset” option next to “Legacy API key.” The new key must be copied and changed in all applications, including mobile apps, share buttons and social publishers.
The company has taken steps to make sure the security holes that led to the breach have been addressed.
For the time being, Bitly hasn’t provided any details regarding when the breach occurred or who might be behind the attack.