URL shortening service Bitly has disclosed that it was the victim of a breach that exposed users’ email addresses, encrypted passwords, API keys and OAuth tokens, but says it has seen no indication that individual accounts have been accessed.
“We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login,” the company said in a statement.
“We invalidated all credentials within Facebook and Twitter. Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles.”
Bitly offered the following step-by-step instructions to reset API keys and OAuth tokens:
1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
“We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all user data going forward,” the company stated.
As with most breaches, we can assume that this is not the end of the story. Investigations in such circumstances most often result in further disclosures about compromised sensitive account and user data, so stay tuned…