Link shortening service Bitly hacked, users asked to reset credentials

Link shortening service Bitly late Thursday announced it has suffered a data breach, and urged all users to reset their credentials. 

Bitly’s CEO wrote in the blogpost that they have “reasons to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens”.

This is really bad because it is not enough just to reset the password. Each user has actually to change all applications that were using the service using the OAuth tokens.

bitly

Even if the company assures users that they have no indication at this time that any accounts have been accessed without permission, this is no guarantee. And indeed, Bitly reset Twitter and Facebook connections. Fortunately, they can be restored with just one click.

Following are step-by-step instructions to reset your API key and OAuth token:

1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.

2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’

3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.

4) Go to the ‘Profile’ tab and reset your password.

5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’

 

 

Sorin Mustaca

IT Security Expert

from Avira – TechBlog http://ift.tt/1oiOJsm
via IFTTT


© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

%d bloggers like this: