Popular URL shortener Bit.ly stated on Saturday that it believed the security of its account holders may have been compromised. In an online advisory, the company instructed users to change their passwords.

How it happened

"Early Thursday morning, the Bitly security team learned of the potential compromise of Bitly user credentials from the security team of another technology company," the company said. "Over the course of the next few hours, the security team determined with a high degree of confidence that there had been no external connections to our production user database or any unauthorised access of our production network or servers. They observed that we had an unusually high amount of traffic originating from our offsite database backup storage that was not initiated by Bitly. At this point, it was clear that the best path forward was to assume the user database was compromised and immediately initiate our response plan, which included steps to protect our users’ connected Facebook and Twitter accounts."

What are they doing about it?

They have, so far, taken some immediate steps to contain the attack. Among them are:

- Invalidated all Twitter and Facebook credentials
- Rotated all credentials for offsite storage systems
- Enabled detailed logging on offsite storage systems
- Rotated all SSL certificates
- Reset credentials used for code deployment
- GPG encryption of all sensitive credentials
- Enforced two-factor authentication on all third party services company-wide
- Accelerated development of our work to support two-factor authentication for bitly.com
- Accelerated development for email confirmation of password changes
- Added additional audit details to user security pages
- Enabled detailed logging on offsite storage systems
- Updated iPhone App to support updated OAuth tokens

What should Bit.ly users do?

While the company works on its backend to fix any potential threats that could follow this breach, Bit.ly has also advised users to reset their passwords. "Please take the following steps to secure your account: change your API key and OAuth token, reset your password, and reconnect your Facebook and Twitter accounts," they advise.

Following are step-by-step instructions to reset your API key and OAuth token:

1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’

For iPhone users, Bit.ly has already put out a security patch and advises a quick update to the latest version.