Last week URL shortening service Bitly disclosed they were the victim of a breach which exposed users’ accounts, addresses, encrypted passwords, API keys and OAuth tokens, and advised users to change account passwords and any API keys in all associated applications.
The company has released more details from its investigation into the breach and says it is confident the hackers did not compromise its production networks and servers. The attackers are, however, now known to have breached an offsite backup customer database and a source code repository.
“The Security Team determined with a high degree of confidence that there had been no external connections to our production user database or any unauthorized access of our production network or servers. They observed that we had an unusually high amount of traffic originating from our offsite database backup storage that was not initiated by Bitly,” the company stated.
“At this point, it was clear that the best path forward was to assume the user database was compromised and immediately initiate our response plan, which included steps to protect our users’ connected Facebook and Twitter accounts.”
Initial conclusions based on the investigation show that the attackers were able to access the offsite database by compromising an employee’s account and stealing access credentials from a hosted source code repository. The passwords stored are said to have been salted and hashed, though ones that had not been changed since January 8th, 2014 were stored as salted MD5.
“We audited the security history for our hosted source code repository that contains the credentials for access to the offsite database backup storage and discovered an unauthorized access on an employee’s account,” the statement continued. “We immediately enabled two-factor authentication for all Bitly accounts on the source code repository and began the process of securing the system against any additional vulnerabilities.”
Bitly is sending notification emails to all users from the domain “bitlysupport.com” outlining the steps to secure affected accounts. Users should be wary of any notifications, as the attackers or others seeking to take advantage of the breach may attempt to spoof the “bitlysupport.com” domain header in phishing emails in an attempt to get users to reveal their login credentials.
Bitly has also implemented two-factor authentication, and all users are encouraged to use it for added security.