You’ve probably heard the news that Bitly, the popular link shortening service, is facing security issues.
We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens. We have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.
What Do You Need to Do?
Bitly is recommending that all users make the following changes to secure their accounts.
- Change your API key and OAuth token
- Reset your password
- Reconnect any accounts you have provided Bitly API access — Facebook, Twitter, Buffer (we’ll touch on this in a moment), etc.
Changing Your Bitly API Key and OAuth Tokens
To reset your Bitly API key, log in to your Bitly account. In the top right, select your account and click Settings. Then, select the Advanced tab.
At the bottom of the page, you should see a heading for Legacy API Key. Click Show legacy API Key and then click reset.
Resetting Your Bitly Password
You can quickly reset your Bitly password by heading to the same Settings area, then clicking the Profile tab. You’ll have the ability to change your password near the bottom of the page.
Does This Impact Buffer?
The folks at Buffer informed me that Buffer-generated links using Bitly should be perfectly fine! However, it only takes a moment to reset your connection between Bitly and Buffer and it’s better safe than sorry.
Sidenote: you can go back to using Buffer’s internal link shortening, which may be preferable with their improved analytics features.
If you want to stick with Bitly link shortening in Buffer, complete the steps above and then do the following…
- Log in to your Buffer account
- In the top right, select Settings
- Select Link Shortening
You should see a “Disconnect Bitly” button near the middle of the page. Select that option.
After that, the page will refresh and that same button will now say Connect Bitly. Click that and you’ll be taken to a page on Bitly to grant Buffer access to your account. Click Allow and you’re done!
Piece of cake! If you run into problems or have questions, leave a comment and I’ll do my best to help.