URL shortening tool Bitly has been compromised according to the site’s CEO, who is urging everyone to change their passwords ASAP. Bitly also allows users to login via their Facebook and Twitter accounts so users will need to change those passwords too.
We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens. We have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.
Bitly is periodically updating their blog as the issue is ongoing. Users can also contact [email protected] with inquiries.