How Hackers Are Hijacking News Sites Using Bitly

Some companies make their Bitly API keys publicly available. Big mistake.

How Hackers Are Hijacking News Sites Using Bitly
[Image: Flickr user Omar Bárcena]

Hackers are using the custom shortened links of real media outlets, including MSNBC and Fox News, to send readers to fake news sites instead.


In a blog post published Monday, Websense Security Labs said cybercriminals have used MSNBC’s publicly available Bitly API key to create custom URL shorteners that appear to come from the outlet (eg., beginning with However, the links actually redirect to fraudulent news sites. The spam is spreading through Google Groups, Yahoo Groups, and email.

“In addition to proactively scanning and categorizing the web in real time Websense Security Labs telemetry has millions of feeds, allowing insight into emerging threats such as the one identified in the blog,” a representative told Fast Company. “In addition, we caught a number of the samples by actually protecting our customer from these threats.”

Click to expand

Bitly has blocked some of these sham links, but one screenshot shows a link received more than 2,000 clicks. It’s unclear whether the links are spreading malware.

Another tactic of hackers is to add a redirect parameter at the end of a seemingly legitimate link, which redirects users to any website on the Internet. The below example from Websense shows the domain, but directs to


To prevent such abuse, Websense recommends companies conceal their Bitly API keys and use two-factor authentication for added security. “All requests to the Bitly API should be done on the website’s back end, on the server-side. This means that the API key will never be seen by public users on the front end and your API key remains safe,” said the company.

About the author

Based in San Francisco, Alice Truong is Fast Company's West Coast correspondent. She previously reported in Chicago, Washington D.C., New York and most recently Hong Kong, where she (left her heart and) worked as a reporter for the Wall Street Journal.