bit.ly

Medium Impact

4 May 2014

•

9,310,287 records affected

•

BreachAware

Search on Google

Description

In May 2014, the link shortening and analytics company Bitly announced they had suffered a data breach. The breach contained over 9 million unique email addresses, usernames and hashed passwords. Some of the passwords were hashed using an unknown variant of MD5 and others were hashed using bcrypt. The passwords were largely uncrackable due to the missing salt (or other unknown modifier), however in mid 2018 over 4 million plaintext credentials from the same Bitly breach were made publicly available. Many of the plaintext credentials continued to work on the Bitly website as late as the end of 2018.

What to do if you're affected

1.Change your password immediately if you have an account with this service
2.Enable two-factor authentication (2FA) wherever possible
3.Check if your email appears in the breach using Have I Been Pwned
4.Monitor your accounts for suspicious activity
5.Consider using a password manager to generate unique passwords

Learn More About Data Breaches

Have I Been Pwned

Check if your data has been compromised

ENISA

EU Agency for Cybersecurity