URL shortening service Bitly announced a security breach regarding account credentials today. Here’s what you need to know.
Bitly announced that account credentials including user email addresses, encrypted passwords, API keys and OAuth tokens have been compromised. This means that not only should you change your passwords, but if you have given Bitly access to any of your social media accounts, you need to reset these tokens as well. Here’s how to do that, from Bitly’s blog post:
Following are step-by-step instructions to reset your API key and OAuth token:
1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Bitly has stated that it has invalidated all Facebook and Twitter credentials so hopefully you won’t see any rogue updates or links sent from Bitly, but you’ll need to re-authorise your social media accounts through the process above before you can return to business as usual. You can read more about the security breach at the source link below.
Urgent Security Update Regarding Your Bitly Account [Bitly Blog]