Users' email addresses, encrypted passwords, API keys and OAuth tokens were compromised.
While there's no indication at this point that any user accounts have been inappropriately accessed, the company has disconnected users' Facebook and Twitter accounts, and is urging all users to change their API keys and OAuth tokens, and to reset their passwords.
To reset their API keys and OAuth tokens, users are advised to log into their accounts and click on "Your Settings," then the "Advanced" tab, and at the bottom of the "Advanced" tab, select "Reset" next to "Legacy API key" -- then copy the new API key and change it in all applications, go to the "Profile" tab and reset the account password, and disconnected and reconnect any applications that use Bitly.
"We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all user data going forward," Bitly CEO Mark Josephson wrote in a blog post.
Users with account-related questions are advised to contact firstname.lastname@example.org.
Photo courtesy of Shutterstock.