Cligs URL shortener hacked to redirect 2.2 million links | MX Logic

Cligs URL shortener hacked to redirect 2.2 million links | MX Logic

Hackers managed to hijack some 2.2 million links posted through the URL shortening service Cligs, redirecting the links to a single page on freedomblogging.com, a website of the OC Register.



The hack occurred sometime early Monday morning, Cligs - the fourth-most popular URL shortening service - said on the company's blog. The hackers were able to exploit a security flaw in the company's URL editing software to change the web addresses of the links.

The company said late Tuesday that it is moving to a new platform and 97 percent of the affected URLs were backed up and restorable.

"I've identified the hole and disabled all cligs editing for now and I'm restoring the URLs back to their original destination states," the company blog said Tuesday.

Cligs also said the hackers were not able to hijack user accounts and passwords are encrypted on the site.

Although the hacker did not redirect the URLs to a malicious site, web security experts said the attack demonstrates how URL shorteners could be used by cybercriminals to direct users to malicious sites for phishing or to spread malware.

Trend Micro reported on its blog in February that hackers had used TinyURL - the largest of the services - to direct users via instant messages on Facebook, Google Chat and AOL Instant Messenger to a phishing website.