Bitly, a popular link shortener used by many in the marketing industry, issued a warning late Thursday that accounts may have been compromised. The company has taken steps to minimize any damage, and is asking users to reset accounts for added security.
In its announcement, Bitly says that there’s no indication that any accounts have been accessed without permission, but “users’ email addresses, encrypted passwords, API keys and OAuth tokens” may have been compromised. Those credentials are what Bitly uses to allow connections between its user accounts and third-party sites (like social networks) where Bitly links are often shared. For that reason, the company has automatically disconnected all users’ Facebook and Twitter accounts and is asking users to do more:
We are recommending all Bitly users make these changes. Please take the following steps to secure your account: change your API key and OAuth token, reset your password, and reconnect your Facebook and Twitter accounts.
Bitly’s blog post offers specific instructions how to do that. The company also says that it has “taken proactive measures to secure all paths that led to the compromise and ensure the security of all user data going forward.”