Security breach at URL site Bitly

Web-link shortening service Bitly has told users it believes its security has been breached and user credentials compromised. 

Writing in a blog post on the company's official site, chief executive Mark Josephson said: "We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission.

For our users' protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login."

The post also detailed how users should disconnect and then reconnect their Facebook and Twitter accounts to the Bitly service, resetting their account in order to restore its security. 

Bitly is a US-based service that works by shortening website URLs used in links so that they can be posted on social media. This is useful on sites like Twitter, where users can only use 140 characters per tweet. 

As well as invalidating all existing accounts using Bitly, the company has moved to reassure customers that it is still a secure service. 

"We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward," said Mr Josephson. 

"We take your security and trust in us seriously. The team has been working hard to ensure all accounts are secure. We apologise for any inconvenience and we will continue to update our Twitter feed, as we have any further updates."

This compromise of security comes as the web continues to deal with the effects of the Heartbleed bug, which exploited a flaw on global internet security, leaving millions of passwords and therefore sensitive data at risk to hackers.

UK site Mumsnet was one of the first to admit a breach because of Heartbleed, and security experts described the bug as 'catastrophic'. Individual websites have since been installing fixes or 'patches' to reset their security and remove the flaw created by the bug. 
 
Twitter has also moved to improve its own security, announcing two new features to increase login protection should users forget their password.

Twitter users will now have the option of having reset information sent to either an email address or phone number, depending on their connection to the site.

The social network also announced that it will now analyse login history, including location and device used in order to better monitor potential attempts to hack user accounts.

Source : Yahoo