Bitly alerts users of widespread account compromises, claims no accounts have been accessed

If you've ever created an account for the url shortening service Bitly before, you'll want to listen up. Bitly has now announced via their blog that they have reason to believe that Bitly account credentials have been compromised and are suggesting users change their API keys and OAuth tokens.

We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission. For our users' protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.

Needless to say, there is a ton of apps and services out there that make use of Bitly so this is something you're going to want to act on as soon as possible if it applies to you. You can head on over to the Bitly blog for the full details and instructions on how to get it all sorted out.

Source: Bitly

Chris Parsons
  • Just out of curiosity, why would someone need to create an account? Can't you just shorten links without creating one? What's the advantage?
  • Probably remember what links you shortened.
  • Custom URLs, and API keys for developers
  • It let's you track the analytics of the link's usage, as well as edit its destination later on. It's fully optional.
  • Why would someone shorten an url and consequently hidden it? Pretty suspicious
  • Character limits while posting (Twitter?). The ability to no clutter up text with a long URL...there are many reasons to shorten URLs ;P
  • Imagine you need to post some links to twitter and it has http :// www.blablabla .com/page/id=ushsysusvwysjsnsgwta&user_id=hsjshshsgsjdjsjdjdbdh&comment_id=iaiwgfwrwtafsbdkkgohllyrhgsgsvsn ....
    Will you only post it just like that (and compromize your space so you cannot explain what was this link you shared) or will you shorten it and explain what it contains clearly?
  • In addition to what others have already said, the true link isn't hidden. You can see it by adding a hyphen to the URL if I remember right.
  • I've used it for Twitter links as well as to put in a CMS that had a 50 character limit on links... long links would be truncated and not work at all.
  • Hmm
  • HmmmmMMMMMmmmmmmmmm
  • Mmhmmmmm
  • Very good post.