The latest major online outfit to suffer from a breach is Bitly, the url shortening service beloved by users of Twitter and Facebook. According to a statement from Bitly CEO Mark Josephson, the company has "reason to believe that Bitly account credentials have been compromised."
Although Josephson insists that there is no indication at the current time that any Bitly accounts have actually been accessed by the hackers, he has quite wisely taken the proactive step of disconnecting all users' Facebook and Twitter accounts which means they will be required to reconnect these when they next login once their API key and OAuth tokens have been changed, and password reset.
"We invalidated all credentials within Facebook and Twitter. Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles" Josephson states.
So how do you do that? Well, in true Bitly style, here's the short of it:
- Log in, navigate to Your Settings|Advanced
- Hit the reset button next to Legacy API key
- Copy new key, change in all apps
- Reset password from profile tab
- Disconnect and reconnect all Bitly using apps
Meanwhile, Josephson insists that Bitly has "already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward."
