Link shortener Bitly disconnects users’ Facebook and Twitter accounts over compromised credentials

Screengrab of blog post announcing a security update for link shortener Bitly. (
Screengrab of blog post announcing a security update for link shortener Bitly. (

Bitly, a popular service that allows users to create shortened or even customized URLs, and track how that shortened link is shared over time, issued a mysterious security update Thursday evening.

In a blog post, CEO Mark Josephson warned the company  had "reason to believe that Bitly account credentials have been compromised." While the company says that they "have no indication at this time that any accounts have been accessed without permission," it took the extreme step of disconnecting the service from all users' Facebook and Twitter accounts.

That's sure to cause a headache for some social media managers -- although probably less than the one from finding that their social channels were spewing unauthorized content.

Bitly is urging all users to reset passwords, change the API key and OAuth token associated with their account that allow the shortener to be tied into services, such as share buttons or social media management platforms, and then reconnect the shortener to their Facebook and Twitter accounts.

It did not provide many details of what caused the problem. However, Bitly does assure users that the company has "already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward."

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.
Continue reading
Show Comments
Most Read Business



Success! Check your inbox for details.

See all newsletters