Bit.ly admits user accounts have been compromised

Bit.ly is the latest web firm to admit that user account details may have been stolen and is trying to help its users to safeguard accounts.

Related: Google to rival TinyURL, Bit.ly with Goo.gl URL shortener

The URL shortening service issued a security advisory that admitted it has reason to believe various details have been compromised including email addresses, encrypted passwords, API keys and OAuth tokens without permission.

“We are recommending all Bit.ly users make these changes. Please take the following steps to secure your account: change your API key and OAuth token, reset your password, and reconnect your Facebook and Twitter accounts,” stated a blog post from CEO Mark Josephson.

Bit.ly has already moved to automatically disconnected all user accounts from Facebook and Twitter in order to stop links being posted to the services and is offering users a step-by-step guide to making the above changes.

“We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all user data going forward. We take your security and trust in us seriously. The team has been working hard to ensure all accounts are secure,” Josephson added.

Related: Bitly redesign adds bundles, bitmarks…and bewilderment?

The company site states that Bit.ly, which is based in New York City and was founded in 2008, shortens over one billion links every month and cuts down links for everyone from publishers and brands to government organisations and education institutions as well as individual users. It processes around six billion clicks related to the links posted and is one of the largest such sites serving social media and web users.

Image Credit: Flickr (Chris Dlugosz)