Short links are an essential function of the web. The simplicity and ease of short links can also be a vulnerability. A team of security researchers at Cornell decided to test how easy it’d be to generate random short links to see if they work.
Here’s what they found
- Out of 70 million randomly generated short links, 24,000 were live and the team was able to access content ranging from articles to navigation instructions.
- The team found sensitive content such as addresses and directions of personal residences, businesses, hospitals, and jails.
- 1,700 of these links allowed anyone to upload or edit files and folders.
This last point is a huge security risk because an attacker could easily upload malware to cloud services, which then distributes itself through automatic device and account synchronization. Once on a computer or a device, the attacker can collect personal information or gain control.
The lesson here is one of the basics of cyber-security – assume that anyone can see what you post. Take the extra click and and secure short links with a password or use a custom domain. Utilize these practices to protect yourself and your content.
