Do you think long URLs look very messy and old fashioned? Do you have the habit of using URL shorteners? Well, you have to stop right now, because according to a new study by computer scientists, shortening the URLs might expose you to the risk of vulnerabilities.
American computer scientists Vitaly Shmatikov and Martin Georgiev carried out a research of 18 months on the URL shortening methods used by Microsoft in its OneDrive Storage and Google in its Maps service.
The results were shocking. Microsoft Bitly’s URL shortening services 1drv.ms and binged.it are very easy to hack. The shortened URLs by these domains when used on cloud storage OneDrive, anyone with good computer language skills can easily scan the full URL, thus providing access to all the files uploaded by the user on his account.
OneDrive (formerly SkyDrive) used to automatically generate short URLs of files and folders, so that you can share the link easily to your loved ones, but now it has stop automatic generating of these kind of URLs. The two scientists conducted a research on 100 million Microsoft’s shortened URLs and they were all very easy to hack.
On the other hand, Google’s goo.gl URL shortening service is also not secure when used on Google Maps service. According to the study, it is very easy to obtain user’s full address, name, Google account details and many other things by just applying some little methods on these kind of links.
When the Vitaly Shmatikov and Martin Georgiev contacted Microsoft and Google to report these issues, Microsoft denied accepting that these are any serious issues. On the other hand, Google team replied immediately and deployed some defenses to limit the scanning of shortened URLs.
Vitaly and Martin say that people should avoid using URL shortening services, especially in cloud storages and mapping services.