Yesterday, the service sent an email to users with instructions on how to secure their accounts. In a move to protect their users, Bitly’s security team invalidated all credentials connected to Facebook and Twitter. According to Mark Josephson, CEO of Bitly, they’ve already taken measures to make sure all paths that led to the compromise of users’ data have been secured.
Following are the step-by-step instructions posted on the Bitly.com blog to reset your API key and OAuth token:
- Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
- At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
- Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
- Go to the ‘Profile’ tab and reset your password.
- Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Regarding your connected Facebook and Twitter accounts, all you have to do is reconnect them the next time you log in to those services. If you are using Bitly for iPhone, you will need to update your app to the latest version.
In the wake of this serious breach of security, Bitly has not only enforced two-factor authentication on all third-party services company-wide (yay!), they’ve also taken steps to speed up their work on developing two-factor authentication for bitly.com (double yay). Other changes have been made on their end, and if you’re interested in those, you can get more information on their blog, but these are the changes we’re most excited about. Strong passwords and two-factor authentication will go a long way toward keeping people safe.
The fixes listed here are simple and easy, and if you’re a bitly.com user, we recommend you implement them now. For additional updates, please follow @Bitly on Twitter and/or subscribe to their blog.