Bitly Reports Data Breach

Account Credentials Compromised
URL shortening service Bitly is reporting a data breach that has compromised account credentials.

Exposed information includes users' e-mail addresses, encrypted passwords, API keys and OAuth tokens, CEO Mark Josephson said in a May 9 statement, which does not specify how many users were affected.

"We have no indication at this time that any accounts have been accessed without permission," Josephson says. "We have taken steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login."

Bitly recommends all users change their API key and OAuth token, reset their passwords and reconnect their Facebook and Twitter accounts.

The company declined to provide additional details.

News of compromised OAuth tokens for Bitly users follows reports of a new flaw in open-source authorization services OAuth 2.0 and OpenID, tools that allow users to sign in to certain online services using an existing identity for other sites, such as Facebook, Google and Yahoo (see: Is 'Covert Redirect' Flaw a Big Deal?).

Because of the flaw, a cyber-attacker could potentially compromise the OAuth and OpenID process and steal the information that the user entered, including their e-mail address.

About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.
