Bitly, the URL shortening service has been hacked therefore for precautionary measures the company has canceled all the Facebook and Twitter accounts associated with its service. “We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission.”
However, the blog post by Bitly suggests that they have not identified any account that has been hacked but nevertheless it is advising its users to disconnect their account.
Since the API key is at the fault Bitly is asking its users to change the API key and OAoth token before they reconnect their social accounts to the service. Bitly also clarifies that even after disconnecting all Facebook and Twitter accounts their users might see they profiles connected with the service but they will not be able to use it until they reconnect.
To stay safe here is what you need to do before you connect your Facebook and Twitter accounts with Bitly again.
1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward.
If you notice an unusual activity in your Facebook or Twitter account you can seek advice from Bitly’s support team. The URL shrinking service is open for queries on firstname.lastname@example.org