‘Take action now’: Bitly warns account security could be compromised

Fan of link shortening service Bitly? You’ll be greeted by something other than your most recent links and stats the next time you log in — specifically, a message warning you that your account security may have been compromised.

In a blog post, Bitly CEO Mark Josephson explains that his team has “reason to believe” that Bitly accounts’ security may have been affected, but it has no evidence that any of its users’ accounts have been accessed in the breach. But, as a precaution, Bitly has disconnected all connected Facebook and Twitter accounts, which means users will have to re-authorise the link sharing service to access their social media accounts the next time they log in. Until they do that, they will not be able to publish to their Facebook and Twitter accounts from Bitly.

We suspect Bitly account credentials have been compromised. Please take action now. Details here: http://t.co/ZExA9TreXd

— Bitly (@Bitly) May 9, 2014

The process to reauthorise the accounts is a bit complicated, but basically involves resetting the API key, changing your Bitly password and reconnecting the accounts. Step-by-step information on how to do that is available on the Bitly blog.

While Josephson says that his team has secured all paths which lead to the security breach, he hasn’t given any more information on exactly what happened, or how the team discovered the compromise. For example, we don’t know if the service was hacked and it managed to close the door to its API and third party accounts before it could be accessed maliciously, or if it discovered a security hole which was patched before it was exploited.

It seems users will just have to trust that Bitly has sorted out the problem, or wait for more details to emerge.