Bitly has confirmed its account holders' credentials may have been compromised by a malicious attack.
The website is used by millions of people to shorten links for posting on social media. Account holders link it to their Facebook and Twitter profiles, meaning their social media accounts might now also be at risk.
In a blog post, chief executive Mark Josephson assured readers "the team has been working hard to ensure all accounts are secure."
Bitly said the company has no reason to believe any accounts have been accessed without permission. As a security precaution, however, it has shut down all Facebook and Twitter-connected accounts.
"We have already taken proactive measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward," added Josephson.
A step-by-step guide has been posted on the blog, directing users to reset their API keys and security settings. Bitly also advises users to disconnect and reconnect from any applications that use the service and reset their passwords.
The URL service launched its website in 2008 and gained popularity the following year as the default shortening service used on Twitter. The company also offers a paid enterprise solution used by firms The New York Times and Pepsi for their social campaigns.
The company has yet to respond to a request for comment.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.