Bitly Compromised, Users Should Change Passwords

  • 10 May 2014
  • 3 replies
  • 1343 views

Userlevel 7
Badge +54


 
 
 
 
 
 
 
 
 
 
by Seth Fitzgerald on May 9, 2014 at 4:03 pm
 
 
Another day, another security breach online. Bitly–the popular link-shortening tool–says that it may have been breached, leaving users vulnerable. The potential attack was announced in a security update post on the company’s blog, which explains why the service disabled Facebook and Twitter account integration.
By disconnecting Bitly from social networks, private information can be protected if a breach did actually occur. Even though the post says that a breach is likely, CEO Mark Josephson has yet to be informed of any accounts being accessed by hackers.
 
Full Article

3 replies

Userlevel 7
Badge +56
We use it so @ changed our password 🙂
Userlevel 7
Badge +54
by Chris Brook
 
The link-shortening service Bitly announced late last week that it’s ramping up its development of two-factor authentication following a compromise that leaked user information on Thursday.
The breach, first discovered Thursday morning, spilled users’ email addresses, encrypted (salted and hashed) passwords, API keys and OAuth tokens.
 
The team was quick to invalidate Twitter and Facebook credentials right off the bat but developers had their hands full over the weekend, adding and fine-tuning several additional layers of security.
The company claims it immediately implemented two-factor authentication on all accounts on the source code repository and that it’s rapidly developing the technology for Bitly.com.
 
Full Article
 
Userlevel 7
Badge +54
URL shortening service says user database may have been compromised through backup data.
A breach of customer data at URL shortening service Bit.ly was likely caused through unauthorized access of offsite backup data maintained by a third-party hosting provider, company officials say.
In a blog posted over the weekend, Bit.ly offered further explanation of its customer database breach, which was first reported on May 8. The compromise forced the company to invalidate all Twitter and Facebook credentials of its users and initiate a breach investigation.
 
Full Article

Reply