Short URL service Cli.gs hacked and 2.2 million URLs affected

Cli.gs, one of the most popular URL shortening services on Twitter, has been hacked.

Late last night/early this morning, a security hole in the cligs editing functionality was discovered and was exploited by a malicious attacker. The attack edited 2.2 million URLs on Cligs to point to a single URL hosted on freedomblogging.com. The attacker’s IP address appears to have from Canda.

The hole is now identified and all cligs editing is disabled for now. URLs are being restored back to their original destination states. However, the most recent backup is from early May, and so ll URLs created since then are probably lost.

The restoration will take a long time so you may not see your proper links till tomorrow.