Link shortening service Bitly late Thursday announced it has suffered a data breach, and urged all users to reset their credentials.
Bitly’s CEO wrote in the blogpost that they have “reasons to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens”.
This is really bad because it is not enough just to reset the password. Each user has actually to change all applications that were using the service using the OAuth tokens.
Even if the company assures users that they have no indication at this time that any accounts have been accessed without permission, this is no guarantee. And indeed, Bitly reset Twitter and Facebook connections. Fortunately, they can be restored with just one click.
Following are step-by-step instructions to reset your API key and OAuth token:
1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Sorin Mustaca
from Avira – TechBlog http://ift.tt/1oiOJsm
via IFTTT
© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch
One thought on “Link shortening service Bitly hacked, users asked to reset credentials”
Comments are closed.