Bitly, the URL shortening service, has been the victim of a hack. CEO Mark Josephson posted an "Urgent Security Update" on the Bitly blog today, stating that they found reason to believe that user data had been compromised. The data that became vulnerable includes email addresses, encrypted passwords, API keys, and OAuth tokens.
Thus far, they do not believe the accounts were actually accessed, just that the information may have been leaked. They didn't provide much more information about the hack beyond that. To secure their systems, Bitly has disconnected user accounts from Facebook and Twitter accounts.
So the most important step for Bitly users will be to reset their API key and OAuth token. The company provided these directions, if you need help:
Following are step-by-step instructions to reset your API key and OAuth token:
1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.
2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’
3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
4) Go to the ‘Profile’ tab and reset your password.
5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Since the hack, the company has patched the issue and information is now secure once more. We hope Chauncy, the company's friendly pufferfish mascot, has taken proper security measures to protect his Bitly account, and as should you.