Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Bitly discloses account compromise, urges users to change passwords

Steve Ragan | May 12, 2014
Company said account credentials were compromised, but refused to provide details.

On Thursday evening, Bitly (, one of the Web's largest URL shortening services, urged users to reset their API keys, OAuth tokens, and passwords.

In a notice to users, Bitly's CEO, Mark Josephson, said that account credentials were compromised, but didn't offer any additional details.

"We have reason to believe that Bitly account credentials have been compromised," Josephson's statement explained.

"We have no indication at this time that any accounts have been accessed without permission. For our users protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login."

The company posted manual steps on the blog for users to follow in order to reset account access, including passwords, OAuth tokens, and API keys.

The company said that they've "taken proactive measures to secure all paths that led to the compromise."

However, when asked to explain further, a spokesperson pointed Salted Hash to the company blog and Twitter feed, refusing to comment further.

This post will be updated should Bitly change their tune, offering additional details in order to help the public better understand the problems that led to this incident.


Sign up for CIO Asia eNewsletters.