The latest major online outfit to suffer from a breach is Bitly, the url shortening service beloved by users of Twitter and Facebook. According to a statement from Bitly CEO Mark Josephson, the company has "reason to believe that Bitly account credentials have been compromised."

c385df134b645f20b10410443c05d835

Although Josephson insists that there is no indication at the current time that any Bitly accounts have actually been accessed by the hackers, he has quite wisely taken the proactive step of disconnecting all users' Facebook and Twitter accounts which means they will be required to reconnect these when they next login once their API key and OAuth tokens have been changed, and password reset.

"We invalidated all credentials within Facebook and Twitter. Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles" Josephson states.

So how do you do that? Well, in true Bitly style, here's the short of it:

  1. Log in, navigate to Your Settings|Advanced
  2. Hit the reset button next to Legacy API key
  3. Copy new key, change in all apps
  4. Reset password from profile tab
  5. Disconnect and reconnect all Bitly using apps

Meanwhile, Josephson insists that Bitly has "already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward."

Oh, and I should add, of course:

  1. If same password was used at other services, change it there as well...

yah i got the same message , didnt click on it caused it seemed suspicious. i think as more people are using the interent criminals are also focusing on exploiting the weaknbesses on the intenet security

Actually, that highlights another problem that people face: email phishing scams have become so commonplace that genuine security alerts are often seen as suspicious and ignored. The only way to deal with a breach of this nature is for the service to reset logins and force a password change when users try to connect next.