Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Bitly Enables Two-Factor Authentication after Security Breach
Bitly, the popular link shortening service that is used widely by businesses on social media sites such as Facebook and Twitter, suffered a data breach last week that put user credentials at risk.
In a blog post on the company’s official website, chief executive Mark Josephson wrote: “We have reason to believe that Bitly account credentials have been compromised. We have no indication at this time that any accounts have been accessed without permission.
For our users' protection, we have taken proactive steps to ensure the security of all accounts, including disconnecting all users' Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.”
Bitly, though, quickly came under criticism over the lack of details provided and published a further post revealing how hackers were able to compromise user accounts.
“We audited the security history for our hosted source code repository that contains the credentials for access to the offsite database backup storage, and discovered an unauthorized access on an employee’s account,” the company said. “We immediately enabled two-factor authentication for all Bitly accounts on the source code repository and began the process of securing the system against any additional vulnerabilities.”
So far, there is no indication that hackers have taken advantage of the exposure to gain access to user accounts. However, Bitly has rightly taken no chances by disconnecting users’ Facebook and Twitter accounts, and urging users to change their API keys, OAuth tokens, and passwords. The enabling of two-factor authentication should also put users’ minds at ease somewhat.
As reported by Info Security, the whole issue is another sign of the problem that privileged user accounts pose to companies.
“We have known for some time that privileged accounts, which include administrator log-in credentials, are a powerful tool for cyber-criminals looking to hack into a target system,” Matt Middleton-Leal of security firm CyberArk told the magazine. “As a result, we have seen these credentials become the most common attack vector in the majority of high-profile enterprise assaults in recent years.”
Detailed User Policies
The Bitly data breach is a prime example of the damage that can be caused by powerful credentials in companies with inadequate security in place. In order to prevent such a situation happening within your company, it is essential that you are able to oversee employee internet usage, filter URLs, and have detailed user policies in place.
Each of these things can be achieved by installing Cloud Web Security on your network, providing you with a walled garden that cannot be breached – internally or externally.
Contact ITWiser today to find out more on how Cloud Web Security can help you.