Shortened URLs Make File Sharing Less Secure, Cornell Researchers Find

In a paper published in April, two researchers revealed that the 5- and 6-character URLs produced by popular shortening services could be easily searched to discover sensitive documents inadvisedly shared by their owners. Attackers could scan shortened URLs at a sustained rate of 2.6 lookups every second, and would only have to pay $36,700 to rent the cloud computing time necessary to do so, co-authors Martin Georgiev and Vitaly Shmatikov stated in the report.