News & Rumors

New malware exploits USB, but isn't really that scary

Special Coverage

Hands-on with Secusmart voice encryption

News & Rumors

BlackBerry acquires mobile security company Secusmart

News & Rumors

Blackphone fires back: 'BlackBerry betrayed its customers and jettisoned its credibility'

News & Rumors

BlackBerry discusses Blackphone and why its consumer-grade privacy is inadequate for businesses

News & Rumors

UK government set to rush through emergency surveillance legislation

News & Rumors

UK officials follow US counterparts by banning electronics with no charge from boarding flights

Editorial

Using strong passwords and keeping your online self secure

News & Rumors

First smartphone 'kill switch' bill in the US passed by… Minnesota

News & Rumors

BlackBerry kicks off security-focused Be Mobile Conference

Enterprise

BlackBerry earns two Govie Awards for outstanding security

Enterprise

BlackBerry CEO says Good is not good enough when it comes to security

BlackBerry Apps

BlackBerry tightens up on app security with BlackBerry Guardian and Trend Micro

Enterprise

BlackBerry issues statement on Air Force switch: 'There is nothing more secure than a BlackBerry'

Editorial

Despite growing security concerns, President Barack Obama stills trusts his BlackBerry

BlackBerry Apps

Your WhatsApp conversations may not be as safe as you think

Enterprise

BlackBerry 10 Receives NATO Approval for Restricted Communications

BlackBerry OS

Report claims NSA can access data on BlackBerry, Android and iOS devices

Enterprise

BlackBerry joins Fido Alliance to support passwordless authentication

BlackBerry Apps

RSA SecurID Software Token for BlackBerry 10 now available

< >

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

Bitly
By Bla1ze on 8 May 2014 09:04 pm EDT
5
loading...
22
loading...
48
loading...

If you've ever created an account for the url shortening service Bitly before, you'll want to listen up. Bitly has now announced via their blog that they have reason to believe that Bitly account credentials have been compromised and are suggesting users change their API keys and OAuth tokens.

We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission. For our users' protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.

Needless to say, there is a ton of apps and services out there that make use of Bitly so this is something you're going to want to act on as soon as possible if it applies to you. You can head on over to the Bitly blog for the full details and instructions on how to get it all sorted out.

Source: Bitly

Reader comments

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

33 Comments
Sort by Rating

Bla1ze wasn't being sarcastic. He was simply experience frustration toward the first comment.

That person obviously think owning a BlackBerry makes you immune from all security threats. It doesn't.

The Bitly breach has nothing to do with BlackBerry.

I think Tight Debbie is referring to the fact that we're hearing more and more about services being hacked, not necessarily just a url shortener - so using a BlackBerry has a certain peace of mind here. Unfortunately (for BlackBerry) security just isn't high up on the needs list of buyers.

After all, if this post isn't relevant to blackberry at all... why is it posted on Crackberry?

Posted via CB10

Using a BlackBerry won't protect anyone from this type of situation. Also reporting on CB is getting the word out about the problem.

Posted via CB10

Because there is several apps that actually make use of Bitly on BlackBerry and if you're using any of those apps, using a BlackBerry doesn't help you one single bit. You should still be changing your passwords and such for the services as noted in the article, IF it applies to you.

Yeah, with BlackBerry this would've never happend. Always use BlackBerry as URL shortender.always always always.

RedBerry Z10 Limited Edition #00167

Unfortunately a lot of people already think of BlackBerry as a means of shortening their "mobile computing experience." BlackBerry - short their stock price, short on applications, short on features, short battery life, etc. So I suppose we shouldn't be shocked when someone mistakenly claims BlackBerry is a URL shortener. < /sarcasm >

Posted via CB10 on BlackBerry Q5

Just as I finished resecuring all of my accounts after HeartBleed. Thankfully, it's just Bitly. I do hope that the Internet Archive wasn't affected by this.

Because people sometimes want to do more than simply shorten a URL.

Using an account allows customization, history, and even stats and branding as well as other paid features.

Posted via CB10

The less services people use the better. No data is 100% safe not even on this site...

I trust all companies with my data like a bucket full of water and holes!

I find URL shorteners a bit suspicious. Could be a direct link to a malware payload or a laced website. How would you prevent that? Same with QR codes.

"No Q10?" -> "Buy from Chen... "

Yes they are suspicious.

You have two ways against that:

1) after the redirection : have secure applications that are able to handle those Malware sites (ie Firefox or the BlackBerry browser)

2) before applying the redirection, have the recipient app of that short link/qr-code resolve it and display it before asking if the user wants to open it (the NFC app does that already both for QR-Code and for NFC, as well as the Twitter website)

And the third solution: don't click.

Posted via CB10

There are other solutions.

I use tinyurl.com. They are trustworthy, they have been around forever. One of the first URL shortening services on the web.

They have a feature where all you do is prepend "preview." to the URL (ie "http://preview.tinyurl.com/xyz123") and before the service redirects the browser, it displays a page on their site that shows what the destination URL is. Only when the person then clicks something to OK that, are they redirected to that destination page.

Thanks for the heads up! I just posted on LinkedIn and on Twitter #bitly #Security #Update #Urgent #Twitter #DataBreach #Privacy

- Sent from my BlackBerry | Q10 -