toggle

AAPL Stock: 118.44 ( -2.86 )

Printed from http://www.macnn.com

Bit.ly suffers data loss; users' emails, passwords, OAuth tokens taken

updated 03:13 pm EDT, Sat May 10, 2014

Data taken from offsite backup, no evidence thus far of account access

URL shortening service Bit.ly posted in its official blog that it believes that account credentials have been compromised by unknown assailants. Despite having no evidence of accounts being accessed without permission, taken in the breach are users' email addresses, salted and hashed passwords, API keys and OAuth tokens.

The company observed an unusually high amount of traffic from its offsite database backup storage, and decided that the best response was to execute its emergency plans. It audited the security history for the hosted source code repository that contains the credentials for access to the offsite database backup storage, and discovered an unauthorized access on an employee's account.

As a result of the intrusion, Bit.ly recommends users change API keys, OAuth tokens, and passwords. Additionally, users are requested to re-link Facebook and Twitter accounts, as the service has disconnected them for all users as a security precaution.

Steps the company has taken include a change in all SSL certificates, GPG encryption of all sensitive credentials, and enforced two-factor authentication company-wide. The company has also updated its iOS application to further mitigate problems related to the data breach.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

HP 14-x030nr 14-inch Chromebook

If you're like us, chances are you've come to realize that you need the ability to access the Internet on the go. Also, you've prob ...

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

toggle

Most Commented