Bitly gets hacked, prompts password reset for all accounts

Website publishers will have to reauthorize Twitter and Facebook sharing as well.

URL shortening service Bitly has reset all user passwords in response to being hacked.

"We have reason to believe that Bitly account credentials have been compromised," Bitly wrote in a blog post. "We have no indication at this time that any accounts have been accessed without permission."

Bitly didn't give any details on how the attack occurred, and didn't say if any other information was stolen besides account credentials. The company says it has taken "proactive measures to secure all paths that led to the compromise."

In addition to resetting all passwords, Bitly has also invalided all Twitter and Facebook credentials, so publishers will have to reconnect these accounts before posting via Bitly. Users will also have to reset their API keys and OAuth tokens, following the instructions on Bitly's blog.

The compromise doesn't appear to affect people who don't sign into Bitly, and are only using it as a basic link-shortening service. But it does affect registered users who take advantage of tools like saved links, stat tracking and social network sharing. The attack will mainly cause headaches for website publishers who use Bitly to share and track story links.

Tags internetFacebooktwittersocial networkingInternet-based applications and servicesWeb sites

Show Comments