Security Threat: Offsite Backup in Bitly Security Breach

For a long time now, offsite backups are considered as very secure and safe from infiltrators, as they only ever target the main servers and on-site backups because that’s where the payoffs are. However, URL shortening service Bitly has recently revealed that an unauthorized individual may have compromised an offsite database backup service that hosts their user details.

Bitly was made aware of the breach on May 8, when the security team of another technology company informed them of the breach. Bitly CTO Rob Platzer reveals in a blog post that they are confident that no external connections were made to their own production user database, and that their network has not been breached by any unauthorized individuals.

Click here and learn about the redundant security and back up system of Prestige Technologies. Sign up and automatically get your first 6 months free. No credit card required.

However, the third party security team saw that they have an unusually large amount of traffic from their offsite database backup storage, with the access not being initiated by anyone from Bitly.

As it turns out, a user managed to access one of Bitly’s employee’s hosted source code repository account, which contains the credentials for their offsite database backup. This gave the intruder access to the offsite database.

Steps Taken After the Intrusion

Platzer reassures users that once they were made aware of the matter, they immediately enabled two-factor authentication for all Bitly accounts on the source code repository and started taking steps to secure the system against any additional vulnerabilities.

Bitly believes that the user database was not compromised, but still took further steps to increase the protection for users who have their Facebook and Twitter accounts connected to the service. These include rotating all SSL certificates and all credentials for offsite storage systems, collecting detailed logs of its offsite storage systems, invalidating all Twitter and Facebook credentials, and enforcing two-factor authentication on all third-party services.

The recent intrusion has prompted bitly to join other service providers in incorporating two-factor authentication and password chang confirmation in order to beef up security and avoid user accounts from being compromised.

The incident serves as a reminder that access to third party services must be handled securely within an organization, in order to prevent intrusions into an otherwise secure first party network.

2 Responses to “Security Threat: Offsite Backup in Bitly Security Breach”

  1. Prestige Technologies - Best Web Site Hosting Company Says:

    […] web design and development, size does matter – for a number of reasons. The first and most important is simply a matter of getting […]

  2. Prestige Technologies - Best Web Site Hosting Company Says:

    […] by the savings and don’t see anything wrong past the working and accessible company website. However, there are a number of ways that a business can be adversely affected by a poor web host, such […]

Leave a Reply

You must be logged in to post a comment.