Cligs hack reveals short URL risk

Computer users should think twice before using websites that enable them to shorten URLs.

The warning comes from security supplier Sophos following a hack on URL shortening website Cligs.

An attacker discovered and exploited a security vulnerability on Cligs last night. More than two million URLs were then changed to be directed to a single URL.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

It is not certain what the attacker was trying to gain, but the fact that so many people could be directed to one site could cause massive problems if the site was malicious.

Sophos said URL shortening services like TinyURL, bit.ly and is.gd have increasingly become part of many computer users' everyday lives. Cligs is popular among users of Twitter because they have to condense comments on the microblogging site to no more than 140 characters.

"While Cligs is nowhere near as popular as the likes of TinyURL, it is still used by a substantial number of people, so you can imagine the disruption that can be caused if links no longer go where they are supposed to," said Graham Cluley, senior technology consultant at Sophos.

"While it is not clear what the intentions of the fraudsters were in this case, they could have easily redirected millions of shortened URLs to a website hosting malware," he added.