March 28, 2015

Bitly Has Been Compromised, Change Your Password

bitly hacked

Bitly, the popular url shortening tool, announced to users recently the company has reason to believe it has been compromised.

In a post on the official Bitly Blog, CEO Mark Josephson says the company has no indication any user accounts have been accessed. But the company is taking no chances.

Bitly, a popular choice for Twitter and Facebook users, says it has disconnected all Facebook and Twitter accounts. The company says it has also invalidated all Bitly user credentials on both sites.

Social media users often use Bitly to create shortened urls useful when there isn’t room to include an entire website address, as on Twitter.

Josephson suggests all users change their passwords before reconnecting their social media accounts and reusing the site.

Josephson says the company believes email addresses and encrypted passwords have been compromised. But so have API keys used to interface with Bitly for use in social media publishing, share buttons and mobile apps. The company says authentication tokens containing password and other information so that users do not need to sign in every time they want to use Bitly are probably also compromised. Josephson explains:

“We are recommending all Bitly users make these changes. Please take the following steps to secure your account: Change your API key and OAuth token, reset your password, and reconnect your Facebook and Twitter accounts.”

In step by step instructions to reset API keys and authentication tokens on the site, Josephson recommends:

  • Log into your account and select “Your Settings.”
  • Select the “Advanced” tab and then choose “Reset” near the “Legacy API key” at the bottom.
  • Copy down your new API key and be sure to change it in all external applications like social publishers and other outside software that may need to access Bitly.
  • Reset your password in the “Profile” tab.
  • Check the “Connected Accounts” tab under “Your Settings” and be sure you have disconnected and reconnected any external apps or software that accesses Bitly.

The Bitly staff also encourage users to contact them with any specific questions about individual accounts at

Image: Bitly

1 Comment ▼

Shawn Hessinger - Editor

Shawn Hessinger Shawn Hessinger is the Editor for Small Business Trends. He is a journalist and social media networker with more than a decade of experience in the traditional newspaper business before moving to the digital world. He was the former community manager of BizSugar and the former community editor at AllAnalytics, a site dedicated to professionals in the business intelligence and analytics community.

One Reaction

  1. Thanks for this, Shawn. I’ve just changed my password. None of my accounts are connected to Bitly, and I don’t have an API.

    Lots of big sites getting compromised these days. Seems like it.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

The 7th Annual Small Business Book Awards Feature What’s Worth Reading