Computer users have been warned to be wary of shortened URLs and to consider running a plug-in that will expand links before clicking on them. The warning follows news that Cligs, recently ranked as the fourth most popular URL shortening service on Twitter, has been hacked and on Sunday was redirecting millions of cli.gs links to a story about Twitter hashtags by blogger Kevin Sablan of the Orange County Register.
Security experts noted that URL shortening services like TinyURL, bit.ly and is.gd have increasingly become part of many computer users’ everyday lives, with the surge in popularity of micro-blogging websites like Twitter.
Sablan noticed the unexpected rise in traffic on Monday morning and subsequently blogged about the experience of having 2.2 million links temporarily pointing to his blog post.
A statement on the Cligs website suggests that a security vulnerability in its edit functionality allowed a malicious hacker to change the destination of millions of shortened URLs.
The company also admitted that it hasn’t been getting daily backups since early May.
"While Cligs is nowhere near as popular as the likes of TinyURL, it is still used by a substantial number of people, so you can imagine the disruption that can be caused if links no longer go where they are supposed to," said Graham Cluley, senior technology consultant at IT security and control firm Sophos.
"These services are becoming indispensable with more and more people using Twitter and needing to make their point in 140 characters or less, but this is not the first time we have seen spammers and hackers abusing these systems."