Bitly website hacked, accounts credentials compromised


Bitly(bit.ly), the Popular URL shortening service, has issued an urgent security warning about a security breach that exposed account's credentials.

The company says they found no evidence suggesting that any accounts have been accessed by the intruders.  However, as a precaution, the company has disconnected users' facebook and twitter accounts.

"We invalidated all credentials within Facebook and Twitter" the blog post reads.

Although the social media accounts appear to be connected with bitly account,  users won't be able to publish anything until they reconnect the accounts. 

Users are advised to take the following steps to reset their OAuth tokens and API Keys:

1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.

2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’

3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.

4) Go to the ‘Profile’ tab and reset your password.

5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Bitly says "they have already taken proactive measures to secure all paths that led to the compromise". 

City of Newark, NJ and Melbourne Airport sites hacked by 0x00x00


The Hacker known as 0x00x00 , has managed to break into the official site of City of Newark, NJ. 'www.ci.newark.nj.us' is Official site featuring a history of the town, geographic and demographic information, municipal contacts, and press releases.

The hacker dumped the part of the compromised database in the pastebin. The leak contains the email address ,encrypted passwords includes the admin data. The leak also contains the database details.

He also tweet the vulnerable link in his tweet "The database is not fully dumped yet if someone wants to dump the whole thing here you go http://www.ci.newark.nj.us/******".

He also discovered SQL Injection Vulnerability in the Melbourne Airport site(melbourneairport.com.au) and tweet the vulnerable link.