Bitly alerts users of widespread account compromises, claims no accounts have been accessed

By Bla1ze on 8 May 2014 09:04 pm EDT

If you've ever created an account for the URL shortening service Bitly, you'll want to listen up. Bitly has announced via its blog that it has reason to believe that Bitly account credentials have been compromised, and it is suggesting users change their API keys and OAuth tokens.

We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission. For our users' protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.

Needless to say, there are a ton of apps and services out there that make use of Bitly, so this is something you're going to want to act on as soon as possible if it applies to you. You can head on over to the Bitly blog for the full details and instructions on how to get it all sorted out.

Source: Bitly

Reader comments


Bla1ze wasn't being sarcastic. He was simply experiencing frustration toward the first comment.

That person obviously thinks owning a BlackBerry makes you immune from all security threats. It doesn't.

The Bitly breach has nothing to do with BlackBerry.

I think Tight Debbie is referring to the fact that we're hearing more and more about services being hacked, not necessarily just a url shortener - so using a BlackBerry has a certain peace of mind here. Unfortunately (for BlackBerry) security just isn't high up on the needs list of buyers.

After all, if this post isn't relevant to BlackBerry at all... why is it posted on CrackBerry?

Posted via CB10

Using a BlackBerry won't protect anyone from this type of situation. Also reporting on CB is getting the word out about the problem.

Posted via CB10

Because there are several apps that actually make use of Bitly on BlackBerry and if you're using any of those apps, using a BlackBerry doesn't help you one single bit. You should still be changing your passwords and such for the services as noted in the article, IF it applies to you.

Yeah, with BlackBerry this would've never happened. Always use BlackBerry as URL shortener. Always always always.

RedBerry Z10 Limited Edition #00167

Unfortunately a lot of people already think of BlackBerry as a means of shortening their "mobile computing experience." BlackBerry - short their stock price, short on applications, short on features, short battery life, etc. So I suppose we shouldn't be shocked when someone mistakenly claims BlackBerry is a URL shortener. < /sarcasm >

Posted via CB10 on BlackBerry Q5

Just as I finished resecuring all of my accounts after HeartBleed. Thankfully, it's just Bitly. I do hope that the Internet Archive wasn't affected by this.

Why does anyone create an account in Looks like you can use it just by entering a url.

Because people sometimes want to do more than simply shorten a URL.

Using an account allows customization, history, and even stats and branding as well as other paid features.

Posted via CB10

The fewer services people use the better. No data is 100% safe, not even on this site...

I trust all companies with my data like a bucket full of water and holes!

I find URL shorteners a bit suspicious. Could be a direct link to a malware payload or a laced website. How would you prevent that? Same with QR codes.

"No Q10?" -> "Buy from Chen... "

Yes they are suspicious.

You have two ways against that:

1) after the redirection: have secure applications that are able to handle those malware sites (i.e. Firefox or the BlackBerry browser)

2) before applying the redirection, have the recipient app of that short link/qr-code resolve it and display it before asking if the user wants to open it (the NFC app does that already both for QR-Code and for NFC, as well as the Twitter website)

And the third solution: don't click.

Posted via CB10
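Option 2 in the comment above (resolve the short link and show the destination before asking whether to open it), as an added example that is not part of the original thread or any app it mentions. It walks the redirect chain with HEAD requests only, so no page body is downloaded; the names `next_hop`, `resolve_chain` and `MAX_HOPS` are assumptions made for this example.

```python
import http.client
import sys
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # assumption: treat longer chains as suspicious and stop
REDIRECTS = (301, 302, 303, 307, 308)

def next_hop(url, timeout=5.0):
    """Send one HEAD request; return the redirect target, or None if there is none."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"refusing non-HTTP(S) URL: {url!r}")
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)  # http.client never follows redirects itself
        resp = conn.getresponse()
        location = resp.getheader("Location")
        if resp.status in REDIRECTS and location:
            return urljoin(url, location)  # Location may be relative
        return None
    finally:
        conn.close()

def resolve_chain(url):
    """Return every URL in the redirect chain, short link first, final page last."""
    chain = [url]
    for _ in range(MAX_HOPS + 1):
        target = next_hop(chain[-1])
        if target is None:
            return chain
        if target in chain:
            raise RuntimeError(f"redirect loop at {target}")
        chain.append(target)
    raise RuntimeError(f"more than {MAX_HOPS} redirects")

if __name__ == "__main__":
    for short in sys.argv[1:]:
        hops = resolve_chain(short)
        print("\n  -> ".join(hops))  # show every hop before the user decides
        if input(f"Open {hops[-1]}? [y/N] ").strip().lower() != "y":
            print("skipped")
```

Some servers answer HEAD differently from GET, and redirects done in JavaScript or a meta refresh are not visible this way, so the displayed chain is a lower bound on where the link can lead.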

There are other solutions.

I use They are trustworthy, they have been around forever. One of the first URL shortening services on the web.

They have a feature where all you do is prepend "preview." to the URL (i.e. "") and before the service redirects the browser, it displays a page on their site that shows what the destination URL is. Only when the person then clicks something to OK that, are they redirected to that destination page.

Thanks for the heads up! I just posted on LinkedIn and on Twitter #bitly #Security #Update #Urgent #Twitter #DataBreach #Privacy

- Sent from my BlackBerry | Q10 -