The hack seemingly doesn’t affect people who only use Bitly as a basic link-shortening service.
It’s expected that the hack will mainly cause problems for website publishers who use Bitly to share and track story links.But it does affect registered users who use tools like saved links, stat tracking and social network sharing.
Bitly is vague on the details, for example, it doesn’t provide details about the hack, or whether information other than account credentials was stolen.
It does however say that users’ email addresses, encrypted passwords, API keys and OAuth tokens may have been compromised.
In a blog post by Mark Josephon, the Bitly CEO, he says: “We have no indication at this time that any accounts have been accessed without permission.”
The company says it has taken “proactive measures to secure all paths that led to the compromise.”
In addition to resetting all passwords, Bitly has also invalided all Twitter and Facebook credentials, so publishers will have to reconnect these accounts before posting via Bitly.
Users will also have to reset their API keys and OAuth tokens. Bitly has provided details on how to this on its blog.