Bitly Locks Down Employee Accounts with 2FA
Page 1 of 1
Back on May 8, popular URL-shortening service Bitly admitted that its systems were compromised. As it turns out, Bitly has now disclosed that the problem is just the latest example of an insider compromise.
"We audited the security history for our hosted source code repository that contains the credentials for access to the offsite database backup storage and discovered an unauthorized access on an employee's account," Rob Platzer, CTO of Bitly, wrote in a blog post.
Precisely, how the employee's account was compromised is unclear. What is particularly interesting is the Bitly response to the compromise.
"We immediately enabled two-factor authentication for all Bitly accounts on the source code repository and began the process of securing the system against any additional vulnerabilities," Platzer said.