2 million+ Cligs short URLs hacked

From the ‘don’t click everything you see‘ files:

Thanks to Twitter, URL shortening services are now common place, but their popularity can also put them (and you) at risk potentially. URL shortening service Cligs has reported that its service was hacked on Monday. What the attack did was take Cligs URLs and redirect them to a different URL than they were originally supposed to go to.

All told according to Cligs, 2,188,978 URLs were edited in the attack. That’s a lot of URLs.

What Cligs is doing now is restoring the correct URL points, but they apparently can’t do it for all of the 2 million plus URLs that were affected – 161,232 URLs were not in their backup (7 percent).

This isn’t the first time a URL shortening service has been the victim of an attack. In February, TinyURL was the target of a ‘don’t click’ attack.

At the heart of the issue really is the fact that Twitter has helped many users to forget that they shouldn’t just click on every URL they see. It’s something that security researchers have commented on and something that I agree with.

In this case though, the URLs were orginally legitimate and all likely were in real posts from real users. The back end service was compromised – so how is a user to know?

Windows users must make sure they’ve got anti-virus/anti-phishing protection on in their browsers and perhaps more importanatly – always be vigilant. If something doesn’t look right, then it might well not be right.

News Around the Web