Link shortener Bitly disconnects users’ Facebook and Twitter accounts over compromised credentials

[InfoSec News <alerts () infosecnews org>]

http://www.washingtonpost.com/blogs/the-switch/wp/2014/05/09/link-shortener-bitly-disconnects-users-facebook-and-twitter-accounts-over-compromised-credentials/

By Andrea Peterson
The Washington Post
May 9, 2014

Bitly, a popular service that allows users to create shortened or even 
customized URLs, and track how that shortened link is shared over time, 
issued a mysterious security update Thursday evening.

In a blog post, CEO Mark Josephson warned the company had "reason to 
believe that Bitly account credentials have been compromised." While the 
company says that they "have no indication at this time that any accounts 
have been accessed without permission," it took the extreme step of 
disconnecting the service from all users' Facebook and Twitter accounts.

That's sure to cause a headache for some social media managers -- although 
probably less than the one from finding that their social channels were 
spewing unauthorized content.

Bitly is urging all users to reset passwords, change the API key and OAuth 
token associated with their account that allow the shortener to be tied 
into services, such as share buttons or social media management platforms, 
and then reconnect the shortener to their Facebook and Twitter accounts.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/