Got this email late last Friday:
Dear Ken Harthun,
We have reason to believe that your Bitly account credentials have been compromised; however, we have no indication at this time that your account has been accessed without permission.
Just to be safe, we have proactively disconnected any connections you might have had to publish on Facebook and Twitter from your Bitly account. You can safely reconnect these accounts at your next login.
Although you may see your Facebook and Twitter accounts connected to your Bitly account, it is not possible to publish to these accounts until you reconnect your Facebook and Twitter profiles.
To ensure the security of your account, please take the following steps:
1) Go to Your Settings Profile tab and reset your password.
2) Go to Your Settings Connected Accounts tab to disconnect and reconnect any Twitter or Facebook accounts. If you have any connected applications, disconnect and reconnect through the third-party application.
3) Go to Your Settings Advanced tab to reset your API key. If you are a developer using your API key, copy the new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
We have taken measures to secure all paths that led to the compromise and ensure the security of all account credentials going forward.
We apologize for any inconvenience and we will continue to update our Twitter feed, @Bitly, as we have any further updates.
The Bitly Team