Bitly Says Insider Account to Blame for Security Breach

Bitly acknowledged a data compromise last week – and has now revealed that a compromised employee account was to blame for the breach

“We audited the security history for our hosted source code repository that contains the credentials for access to the offsite database backup storage, and discovered an unauthorized access on an employee’s account,” the company said in a blog. “We immediately enabled two-factor authentication for all Bitly accounts on the source code repository and began the process of securing the system against any additional vulnerabilities.” 

Last week the service, which is the go-to URL shortener for Twitter posts in particular, warned its users that their account credentials may have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens.

So far there’s no evidence that hackers have taken advantage of the exposure to access accounts without permission. Even so, Bitly took the precaution of disconnecting all users’ Facebook and Twitter accounts; users can reconnect them at their next login. The company also urged people to change their API keys and OAuth tokens, and reset their passwords. Users should copy down the new API key and change it in all applications as well, including social publishers, share buttons and mobile apps.

The issue points out the ongoing and seemingly enduring problem that privileged accounts pose to companies. “We have known for some time that privileged accounts, which include administrator log-in credentials, are a powerful tool for cyber-criminals looking to hack into a target system,” said Matt Middleton-Leal, regional director for the UK & Ireland at security firm CyberArk, in an email. “As a result, we have seen these credentials become the most common attack vector in the majority of high-profile enterprise assaults in recent years.”

A recent survey from BeyondTrust showed that employees are regularly granted privileges and access beyond what their particular roles require, creating unnecessary risk for organizations. Overall, 44% of employees in the survey said that they have access rights that are not necessary to their job.

One of the most startling statistics from the survey reveals that 28% of respondents admitted to having retrieved information not relevant to their job. A majority (80%) of respondents believe that it’s at least somewhat likely that employees access sensitive or confidential data out of curiosity.

“The Bitly breach is the latest example of the damage that can be caused by an abuse of these powerful credentials, which are all too often unmanaged or poorly secured within organizations, despite the vast security risks they pose,” said Middleton-Leal. He added, “Executives should be asking themselves if an attacker is already on the inside of your network, would they be faced with locked doors at every turn, or would they be able to move around the network with relative ease and reach the heart of the business? Unfortunately, in my experience, the latter response is the most probable.”
