Now Bitly Hacked: Users Connected accounts at risk.

  • Filter
  • Time
  • Show
Clear All
new posts

    Now Bitly Hacked: Users Connected accounts at risk.

    URL shortening service Bitly revelead on Friday that some of its user accounts were compromised by hackers and that the users reset their passwords.

    The company announced on its Official blog. “We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens. We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.”

    It is suggested that all Bitly users change their API key and OAuth token, reset their password, and reconnect their Facebook and Twitter accounts.

    Bitly has disconnected all users’ Facebook and Twitter accounts and taken other steps "to ensure the security of all accounts."

    eUKhost Ltd.: Dedicated Servers | Cloud Hosting | Build a Website
    Join our Affiliate program for free and earn up to 100% commission!

    Re: Now Bitly Hacked: Users Connected accounts at risk.

    More details...

    Rob Platzer, CTO, Bitly has posted the answers to some frequently asked questions for customers;

    Q1. Were passwords exposed?

    Answer :
    Hashed passwords were exposed but plain text passwords were not. All passwords are salted and hashed. If you registered, logged in or changed your password after January 8th, 2014, your password was converted to be hashed with BCrypt and HMAC using a unique salt. Before that, it was salted MD5.

    Q2. Were any of my Bitlinks affected or changed?

    No. The production database was never compromised nor was there any unauthorized access to our production network or environment. The data was from an offsite static backup. There was no risk of any data, including redirects, being changed.



      Re: Now Bitly Hacked: Users Connected accounts at risk.

      This is quite depressing. Every other day some or other service gets hacked or a bug is discovered which poses great risk to security.

      Why can't there be some solid solution to all these problems?