URL redirection services like TinyURL have grown from almost nothing in recent years, due entirely to the success of Twitter and its 140-character limit. For most users, they represent a welcome convenience as they make their tweets, status messages, and other such space-limited posts throughout the day.
The database of Cligs, the #4 URL redirection service used on Twitter, was compromised sometime on Sunday night/Monday morning. According to the official Cligs blog, approximately 2.2 million redirects were edited to go to a post talking about Twitter hash tags at a blog maintained by the Orange County Register. It’s unclear who did it or why, although it may well have been done simply because it could be done.
While the attack caused little long-term damage, it could have been indescribably worse. Had it happened to a bigger redirection service like Bitly or TinyURL, the number of affected users would have been far greater. In addition, the links didn’t go anywhere malicious. It would have been just as easy for the links to go to malware – and it wouldn’t have been very hard to do so in a way that would be invisible to most users.
This could have been a far bigger problem, but thankfully it wasn’t. What it is, however, is a warning about the dangers of URL redirection. There’s not much consumers can do on their own, but providers should double-check their own security measures.